CISSP CBK Glossary Flashcards

Question 1

Q

6to4

Answer

A

Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network.

Question 2

Q

A Checklist Test

Answer

A

Copies of the plan are handed out to each functional area for examination to ensure the plan properly deals with the area’s needs and vulnerabilities.

Question 3

Q

A Cold Site

Answer

A

Is just a building with power, raised floors, and utilities. No devices are available. This is the cheapest of the three options, but can take weeks to get up and operational.

Question 4

Q

A Full-Interruption Test

Answer

A

One in which regular operations are stopped and processing is moved to the alternate site.

Question 5

Q

A Hot Site

Answer

A

Fully configured with hardware, software, and environmental needs. It can usually be up and running in a matter of hours. It is the most expensive option, but some companies cannot be out of business longer than a day without very detrimental results.

Question 6

Q

A Parallel Test

Answer

A

One in which some systems are actually run at the alternate site.

Question 7

Q

A Reciprocal Agreement

Answer

A

One in which a company promises another company it can move in and share space if it experiences a disaster, and vice versa. Reciprocal agreements are very tricky to implement and are unenforceable.

Question 8

Q

A Simulation Test

Answer

A

A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

Question 9

Q

A Structured Walk-Through Test

Answer

A

Representatives from each functional area or department get together and walk through the plan from beginning to end.

Question 10

Q

A Warm Site

Answer

A

Does not have computers, but it does have some peripheral devices, such as disk drives, controllers, and tape drives. This option is less expensive than a hot site, but takes more effort and time to become operational.

Question 11

Q

Absolute Addresses

Answer

A

Hardware addresses used by the CPU.

Question 12

Q

Abstraction

Answer

A

The capability to suppress unnecessary details so the important, inherent properties can be examined and reviewed.

Question 13

Q

Accepted Ways for Handling Risk

Answer

A

Accept, transfer, mitigate, avoid.

Question 14

Q

Access

Answer

A

The flow of information between a subject and an object.

Question 15

Q

Access Control Matrix

Answer

A

A table of subjects and objects indicating what actions individual subjects can take upon individual objects.

Question 16

Q

Access Control Model

Answer

A

An access control model is a framework that dictates how subjects access objects.

Question 17

Q

Access Controls

Answer

A

Are security features that control how users and systems communicate and interact with other systems and resources.

Question 18

Q

Accreditation

Answer

A

Formal acceptance of the adequacy of a system’s overall security by management.

Question 19

Q

Active Attack

Answer

A

Attack where the attacker does interact with processing or communication activities.

Question 20

Q

ActiveX

Answer

A

A Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. It is a framework for defining reusable software components in a programming language independent manner.

Question 21

Q

Address Bus

Answer

A

Physical connections between processing components and memory segments used to communicate the physical memory addresses being used during processing procedures.

Question 22

Q

Address Resolution Protocol (ARP)

Answer

A

A networking protocol used for resolution of network layer IP addresses into link layer MAC addresses.

Question 23

Q

Address Space Layout Randomization (ASLR)

Answer

A

Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.

Question 24

Q

Algebraic Attack

Answer

A

Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions.

Question 25

Q

Algorithm

Answer

A

Set of mathematical and logic rules used in cryptographic functions.

Question 26

Q

Analog Signals

Answer

A

Continuously varying electromagnetic wave that represents and transmits data.

Question 27

Q

Analytic Attack

Answer

A

Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.

Question 28

Q

Annualized Loss Expectancy (ALE)

Answer

A

Annual expected loss if a specific vulnerability is exploited and how it affects a single asset. SLE * ARO = ALE.

Question 29

Q

Application Programming Interface (API)

Answer

A

Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.

Question 30

Q

Arithmetic Logic Unit (ALU)

Answer

A

A component of the computer’s processing unit, in which arithmetic and matching operations are performed.

Question 31

Q

AS/NZS 4360

Answer

A

Australia and New Zealand business risk management assessment approach.

Question 32

Q

Assemblers

Answer

A

Tools that convert assembly code into the necessary machine-compatible binary language for processing activities to take place.

Question 33

Q

Assembly Language

Answer

A

A low-level programming language that is the mnemonic representation of machine-level instructions.

Question 34

Q

Assurance Evaluation Criteria

Answer

A

Check-list and process of examining the security-relevant parts of a system (TCB, reference monitor, security kernel) and assigning the system an assurance rating.

Question 35

Q

Asymmetric Algorithm

Answer

A

Encryption method that uses two different key types, public and private. Also called public key cryptography.

Question 36

Q

Asymmetric Mode Multiprocessing

Answer

A

When a computer has two or more CPUs and one CPU is dedicated to a specific program while the other CPUs carry out general processing procedures.

Question 37

Q

Asynchronous Communication

Answer

A

Transmission sequencing technology that uses start and stop bits or similar encoding mechanism. Used in environments that transmit a variable amount of data in a periodic fashion.

Question 38

Q

Asynchronous Token Generating Method

Answer

A

Employs a challenge/response scheme to authenticate the user.

Question 39

Q

Attack Surface

Answer

A

Components available to be used by an attacker against the product itself.

Question 40

Q

Attenuation

Answer

A

Gradual loss in intensity of any kind of flux through a medium. As an electrical signal travels down a cable, the signal can degrade and distort or corrupt the data it is carrying.

Question 41

Q

Attribute

Answer

A

A column in a two-dimensional database.

Question 42

Q

Authentication Header (AH) Protocol

Answer

A

Protocol within the IPSec suite used for integrity and authentication.

Question 43

Q

Authenticode

Answer

A

A type of code signing, which is the process of digitally signing software components and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was digitally signed. Authenticode is Microsoft’s implementation of code signing.

Question 44

Q

Availability

Answer

A

Reliable and timely access to data and resources is provided to authorized individuals.

Question 45

Q

Avalanche effect

Answer

A

Algorithm design requirement so that slight changes to the input result in drastic changes to the output.

Question 46

Q

Base registers

Answer

A

Beginning of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.

Question 47

Q

Baseband transmission

Answer

A

Uses the full bandwidth for only one communication channel and has a low data transfer rate compared to broadband.

Question 48

Q

Bastion host

Answer

A

A highly exposed device that will most likely be targeted for attacks, and thus should be hardened.

Question 49

Q

Behavior blocking

Answer

A

Allowing the suspicious code to execute within the operating system and watches its interactions with the operating system, looking for suspicious activities.

Question 50

Q

Birthday attack

Answer

A

Cryptographic attack that exploits the mathematics behind the birthday problem in the probability theory forces collisions within hashing functions.

Question 51

Q

Block cipher

Answer

A

Symmetric algorithm type that encrypts chunks (blocks) of data at a time.

Question 52

Q

Blowfish

Answer

A

Block symmetric cipher that uses 64-bit block sizes and variable-length keys.

Question 53

Q

Border Gateway Protocol (BGP)

Answer

A

The protocol that carries out core routing decisions on the Internet. It maintains a table of IP networks, or “prefixes,” which designate network reachability among autonomous systems.

Question 54

Q

Bots

Answer

A

Software applications that run automated tasks over the Internet, which perform tasks that are both simple and structurally repetitive. Malicious use of bots is the coordination and operation of an automated attack by a botnet (centrally controlled collection of bots).

Question 55

Q

Broadband transmission

Answer

A

Divides the bandwidth of a communication channel into many channels, enabling different types of data to be transmitted at one time.

Question 56

Q

Buffer overflow

Answer

A

Too much data is put into the buffers that make up a stack. Common attack vector used by attackers to run malicious code on a target system.

Question 57

Q

Bus topology

Answer

A

Systems are connected to a single transmission channel (i.e., network cable), forming a linear construct.

Question 58

Q

Business Continuity Management (BCM)

Answer

A

is the overarching approach to managing all aspects of BCP and DRP.

Question 59

Q

Business Continuity Plan (BCP)

Answer

A

A business continuity action plan is a document or set of documents that contains the critical information a business needs to stay running in spite of adverse events. A business continuity plan is also called an emergency plan.

Question 60

Q

Business Impact Analysis (BIA)

Answer

A

An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems.

Question 61

Q

Cable Modem

Answer

A

A device that provides bidirectional data communication via radio frequency channels on cable TV infrastructures. Cable modems are primarily used to deliver broadband Internet access to homes.

Question 62

Q

Cache memory

Answer

A

Fast memory type that is used by a CPU to increase read and write operations.

Question 63

Q

Caesar Cipher

Answer

A

Simple substitution algorithm created by Julius Caesar that shifts alphabetic values three positions during its encryption and decryption processes

Question 64

Q

Capability Maturity Model Integration (CMMI)

Answer

A

A process improvement methodology that provides guidance for quality improvement and point of reference for appraising existing processes developed by Carnegie Mellon.

Answer 65

A

A capability table specifies the access rights a certain subject possesses pertaining to specific objects. A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

Answer 66

A

LANs using carrier sense multiple access with collision avoidance require devices to announce their intention to transmit by broadcasting a jamming signal.

Answer 67

A

Cipher block chaining message authentication code uses encryption for data integrity and data origin authentication.

Answer 68

A

An intersection of a row and a column.

Answer 69

A

A technique used to hide specific cells that contain sensitive information.

Answer 70

A

The part of a computer that performs the logic, computation, and decision-making functions. It interprets and executes instructions as it receives them.

Answer 71

A

Digital identity used within a PKI. Generated and maintained by a certificate authority and used for authentication.

Answer 72

A

List that is maintained by the certificate authority of a PKI that contains information on all of the digital certificates that have been revoked.

Answer 73

A

Technical evaluation of the security components and their compliance to a predefined security policy for the purpose of accreditation.

Answer 74

A

Component of a PKI that creates and maintains digital certificates throughout their life cycles.

Answer 75

A

The process of controlling the changes that take place during the life cycle of a system and documenting the necessary change control activities.

Answer 76

A

A line bridging device for use with T-carriers, and that is required by PSTN providers at digital interfaces that terminate in a Data Service Unit (DSU) on the customer side. The DSU is a piece of telecommunications circuit terminating equipment that transforms digital data between telephone company lines and local equipment.

Answer 77

A

Cryptanalysis attack where the attacker chooses a ciphertext and obtains its decryption under an unknown key.

Answer 78

A

Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.

Answer 79

A

Another name for algorithm.

Answer 80

A

Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts.

Answer 81

A

A method for using the existing 32-bit Internet Address Space efficiently.

Answer 82

A

Input validation is done at the client before it is even sent back to the server to process.

Answer 83

A

A threshold.

Answer 84

A

Designs are built upon proprietary procedures, which inhibit interoperability capabilities.

Answer 85

A

The delivery of computer processing capabilities as a service rather than as a product, whereby shared resources, software, and information are provided to end users as a utility. Offerings are usually bundled as an infrastructure, platform, or software.

Answer 86

A

Cipher message authentication code that is based upon and provides more security compared to CBC-MAC.

Answer 87

A

Block cipher mode that combines the CTR encryption mode and CBC-MAC. One encryption key is used for both authentication and encryption purposes.

Answer 88

A

Set of control objectives used as a framework for IT governance developed by Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Answer 89

A

Fact or opinion based information used to verify an individual’s identity.

Answer 90

A

A measurement that indicates how many different types of tasks a module needs to carry out.

Answer 91

A

(1) A condition that is present when two or more terminals are in contention during simultaneous network access attempts. (2) In cryptography, an instance when a hash function generates the same output for different inputs.

Answer 92

A

Two or more people working together to carry out fraudulent activities.

Answer 93

A

International standard used to assess the effectiveness of the security controls built into a system from functional and assurance perspectives.

Answer 94

A

Tools that convert high-level language statements into the necessary machine-level format (.exe, .dll, etc.) for specific processors to understand.

Answer 95

A

Another type of virus that appends itself to executables on the system and compresses them by using the user’s permissions.

Answer 96

A

Encryption method that hides a secret message within an open message.

Answer 97

A

A security concept that assures the necessary level of secrecy is enforced and unauthorized disclosure is prevented.

Answer 98

A

Substitution processes used in encryption functions to increase randomness.

Answer 99

A

Bases access decisions on the sensitivity of the data, not solely on subject identity.

Answer 100

A

Bases access decisions on the state of the situation, not solely on identity or content sensitivity.

Answer 101

A

Safeguard that is put in place to reduce a risk, also called a countermeasure.

Answer 102

A

Deterrent: Discourage a potential attacker
Preventive: Stop an incident from occurring
Corrective: Fix items after an incident has occurred
Recovery: Restore necessary components to return to normal operations
Detective: Identify an incident’s activities after it took place
Compensating: Alternative control that provides similar protection as the original control

Answer 103

A

Administrative, technical (logical), and physical

Answer 104

A

Part of the CPU that oversees the collection of instructions and data from memory and how they are passed to the processing components of the CPU.

Answer 105

A

Data files used by web browsers and servers to keep browser state information and browsing preferences.

Answer 106

A

Multitasking scheduling scheme used by older operating systems to allow for computer resource time slicing.

Answer 107

A

A form of protection granted by law for original works of authorship fixed in a tangible medium of expression.

Answer 108

A

Internal control model used for corporate governance to help prevent fraud developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.

Answer 109

A

An estimate of the equivalent monetary value of proposed benefits and the estimated costs associated with a control in order to establish whether the control is feasible.

Answer 110

A

A measurement that indicates how much interaction one module requires for carrying out its tasks.

Answer 111

A

Central Computing and Telecommunications Agency Risk Analysis and Management Method.

Answer 112

A

An attack where a vulnerability is found on a web site that allows an attacker to inject malicious code into a web application.

Answer 113

A

A signal on one channel of a transmission creates an undesired effect in another channel by interacting with it. The signal from one cable “spills over” into another cable.

Answer 114

A

Practice of uncovering flaws within cryptosystems.

Answer 115

A

Science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals.

Answer 116

A

The study of both cryptography and cryptanalysis.

Answer 117

A

Hardware or software implementation of cryptography that contains all the necessary software, protocols, algorithms, and keys.

Answer 118

A

Physical connections between processing components and memory segments used to transmit data being used during processing procedures.

Answer 119

A

Individual responsible for implementing and maintaining security controls to meet security requirements outlined by data owner.

Answer 120

A

Central repository of data elements and their relationships.

Answer 121

A

The act of willfully modifying information, programs, or documentation in an effort to commit fraud or disrupt production.

Answer 122

A

Memory protection mechanism used by some operating systems. Memory segments may be marked as non-executable so that they cannot be misused by malicious software.

Answer 123

A

Use of segregation in design decisions to protect software components from negatively interacting with each other. Commonly enforced through strict interfaces.

Answer 124

A

A methodology used by organizations to better understand their customers, products, markets, or any other phase of the business.

Answer 125

A

Considers data independently of the way the data are processed and of the components that process the data. A process used to define and analyze data requirements needed to support the business processes.

Answer 126

A

Individual responsible for the protection and classification of a specific data set.

Answer 127

A

A representation of the logical relationship between elements of data.

Answer 128

A

Combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis.

Answer 129

A

A cross-referenced collection of data.

Answer 130

A

Manages and controls the database.

Answer 131

A

Act of transforming data into a readable format.

Answer 132

A

Implementation of multiple controls so that successful penetration and compromise is more difficult to attain.

Answer 133

A

Data collection method that happens in an anonymous fashion.

Answer 134

A

Cryptanalysis method that uses the study of how differences in an input can affect the resultant difference at the output.

Answer 135

A

First asymmetric algorithm created and is used to exchange symmetric key values. Based upon logarithms in finite fields.

Answer 136

A

Transposition processes used in encryption functions to increase randomness.

Answer 137

A

Access control technologies commonly used to protect copyright material.

Answer 138

A

Binary digits are represented and transmitted as discrete electrical pulses.

Answer 139

A

Ensuring the authenticity and integrity of a message through the use of hashing algorithms and asymmetric algorithms. The message digest is encrypted with the sender’s private key.

Answer 140

A

A set of technologies that provide Internet access by transmitting digital data over the wires of a local telephone network. DSL is used to digitize the “last mile” and provide fast Internet connectivity.

Answer 141

A

A routing protocol that calculates paths based on the distance (or number of hops) and a vector (a direction).

Answer 142

A

The process of replicating the databases containing the DNS data across a set of DNS servers.

Answer 143

A

A set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.

Answer 144

A

U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.

Answer 145

A

A hierarchical distributed naming system for computers, services, or any resource connected to an IP based network. It associates various pieces of information with domain names assigned to each of the participating entities.

Answer 146

A

This device has two interfaces and sits between an untrusted network and trusted network to provide secure access.

Answer 147

A

Refers to going through someone’s trash to find confidential or useful information. It is legal, unless it involves trespassing, but in all cases it is considered unethical.

Answer 148

A

DHCP is an industry standard protocol used to dynamically assign IP addresses to network devices.

Answer 149

A

A set of subroutines that are shared by different applications and operating system processes.

Answer 150

A

Asymmetric algorithm based upon the Diffie-Hellman algorithm used for digital signatures, encryption, and key exchange.

Answer 151

A

Asymmetric algorithm based upon the algebraic structure of elliptic curves over finite fields. Used for digital signatures, encryption, and key exchange.

Answer 152

A

Activity in which the sender address and other arts of the e-mail header are altered to appear as though the e-mail originated from a different source. Since SMTP does not provide any authentication, it is easy to impersonate and forge e-mails.

Answer 153

A

Protocol within the IPSec suite used for integrity, authentication, and encryption.

Answer 154

A

Act of transforming data into an unreadable format.

Answer 155

A

The encryption of information at the point of origin within the communications network and postponing of decryption to the final destination point.

Answer 156

A

Common LAN media access technology standardized by IEEE 802.3. Uses 48-bit MAC addressing, works in contention-based networks, and has extended outside of just LAN environments.

Answer 157

A

Presence of a vulnerability, which exposes the organization to a threat.

Answer 158

A

A focused, qualitative approach that carries out pre-screening to save time and money.

Answer 159

A

Approach that dissects a component into its basic functions to identify flaws and those flaw’s effects.

Answer 160

A

Approach to map specific flaws to root causes in complex systems.

Answer 161

A

A portable identity, and its associated entitlements, that can be used across business boundaries.

Answer 162

A

Ring-based token network protocol that was derived from the IEEE 802.4 token bus timed token protocol. It can work in LAN or MAN environments and provides fault tolerance through dual-ring architecture.

Answer 163

A

A basic unit of data records organized on a storage medium for convenient location, access, and updating.

Answer 164

A

An attribute of one table that is related to the primary key of another table.

Answer 165

A

A DDoS attack type on a computer that floods the target system with a large amount of UDP echo traffic to IP broadcast addresses.

Answer 166

A

Cryptanalysis process used to identify weaknesses within cryptosystems by locating patterns in resulting ciphertext.

Answer 167

A

An older technique in which the available transmission bandwidth of a circuit is divided by frequency into narrow bands, each used for a separate voice or data transmission channel, which many conversations can be carried on one circuit.

Answer 168

A

Functionality is what a control does, and its effectiveness is how well the control does it.

Answer 169

A

A technique used to discover flaws and vulnerabilities in software.

Answer 170

A

Tool that marks unused memory segments as usable to ensure that an operating system does not run out of memory.

Answer 171

A

Temporary memory location the CPU uses during its processes of executing instructions. The ALU’s “scratch pad” it uses while carrying out logic and math functions.

Answer 172

A

Suggestions and best practices.

Answer 173

A

A standard that addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multipoint conferences.

Answer 174

A

Physically mapping software to individual memory segments.

Answer 175

A

Cryptographic hash function that uses a symmetric key value and is used for data integrity and data origin authentication.

Answer 176

A

Combines records and fields that are related in a logical tree structure.

Answer 177

A

Refers to a system, component, or environment that is continuously operational.

Answer 178

A

Otherwise known as third-generation programming languages, due to their refined programming structures, using abstract statements.

Answer 179

A

Systems that entice with the goal of protecting critical production systems. If two or more honeypots are used together, this is considered a honeynet.

Answer 180

A

A combination of HTTP and SSL\TLS that is commonly used for secure Internet connections and e-commerce transactions.

Answer 181

A

Combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key.

Answer 182

A

Combination of monolithic and microkernel architectures. The microkernel carries out critical operating system functionality, and the remaining functionality is carried out in a client\server model within kernel mode.

Answer 183

A

Central program used to manage virtual machines (guests) within a simulated environment (host).

Answer 184

A

Standard that specifies a set of protocols to meet the security requirements for protecting data traversing Ethernet LANs.

Answer 185

A

Standard that specifies unique per-device identifiers (DevID) and the management and cryptographic binding of a device (router, switch, access point) to its identifiers.

Answer 186

A

Attaches code to the file or application, which would fool a virus into “thinking” it was already infected.

Answer 187

A

Usually the first step in an attacker’s methodology, in which the information gathered may allow an attacker to infer additional information that can be used to compromise systems.

Answer 188

A

European standard used to assess the effectiveness of the security controls built into a system.

Answer 189

A

Values that are used with algorithms to increase randomness for cryptographic functions.

Answer 190

A

Set of operations and commands that can be implemented by a particular processor (CPU).

Answer 191

A

A circuit-switched telephone network system technology designed to allow digital transmission of voice and data over ordinary telephone copper wires.

Answer 192

A

Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented.

Answer 193

A

Block symmetric cipher that uses a 128-bit key and 64-bit block size.

Answer 194

A

A core protocol of the IP suite used to send status and error messages.

Answer 195

A

Used by systems and adjacent routers on IP networks to establish and maintain multicast group memberships.

Answer 196

A

A method of accessing electronic mail or bulletin board messages that are kept on a (possibly shared) mail server. IMAP permits a client e-mail program to access remote message stores as if they were local. For example, e-mail stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages of files back and forth between these computers. IMAP can be regarded as the next-generation POP.

Answer 197

A

Core protocol of the TCP/IP suite. Provides packet construction, addressing, and routing functionality.

Answer 198

A

Used to establish security associates and an authentication framework in Internet connections. Commonly used by IKE for key exchange.

Answer 199

A

Tools that convert code written in interpreted languages to the machine-level format for processing.

Answer 200

A

Software or hardware signal that indicates that system resources (i.e., CPU) are needed for instruction processing.

Answer 201

A

Values assigned to computer components (hardware and software) to allow for efficient computer resource time slicing.

Answer 202

A

An IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

Answer 203

A

Protocol suite used to protect IP traffic through encryption and authentication. De facto standard VPN protocol.

Answer 204

A

IP version 6 is the successor to IP version 4 and provides 128-bit addressing, integrated IPSec security protocol, simplified header formats, and some automated configuration.

Answer 205

A

Industry-recognized best practices for the development and management of an information security management system.

Answer 206

A

International standard for the implementation of a risk management program that integrates into an information security management system (ISMS).

Answer 207

A

Best practices for information technology services management processes developed by the United Kingdom’s Office of Government Commerce.

Answer 208

A

Small components (applets) that provide various functionalities and are delivered to users in the form of Java bytecode. Java applets can run in a web browser using a Java Virtual Machine (JVM). Java is platform independent; thus, Java applets can be executed by browsers for many platforms.

Answer 209

A

Concept that an algorithm should be known and only the keys should be kept secret.

Answer 210

A

Mode that a CPU works within when carrying out more trusted process instructions. The process has access to more computer resources when working in kernel versus user mode.

Answer 211

A

Sequence of bits that are used as instructions that govern the acts of cryptographic functions within an algorithm.

Answer 212

A

A weakness that would exist in a cryptosystem if two different keys would generate the same ciphertext from the same plaintext.

Answer 213

A

Generation of secret keys (subkeys) from an initial value (master key).

Answer 214

A

A range of possible values used to construct keys.

Answer 215

A

Component of a stream algorithm that creates random values for encryption purposes.

Answer 216

A

Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext.

Answer 217

A

Architecture that separates system functionality into hierarchical layers.

Answer 218

A

Ending of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.

Answer 219

A

Cryptanalysis method that uses the study of affine transformation approximation in encryption processes.

Answer 220

A

Technology that encrypts full packets (all headers and data payload) and is carried out without the sender’s interaction.

Answer 221

A

A routing protocol used in packet-switching networks where each router constructs a map of the connectivity within the network and calculates the best logical paths, which form its routing table.

Answer 222

A

Executes a program, or string of code, when a certain event happens or a date and time arrives.

Answer 223

A

Indirect addressing used by processes within an operating system. The memory manager carries out logical-to-absolute address mapping.

Answer 224

A

A set of instructions in binary format that the computer’s processor can understand and work with directly.

Answer 225

A

A computer virus that spreads by binding itself to software such as Word or Excel.

Answer 226

A

Code within software that provides a back door entry capability.

Answer 227

A

Detective administrative control used to uncover potential fraudulent activities by requiring a person to be away from the organization for a period of time.

Answer 228

A

Interrupt value assigned to a non-critical operating system activity.

Answer 229

A

The predicted amount of time between inherent failures of a system during operation.

Answer 230

A

A measurement of the maintainability by representing the average time required to repair a failed component or device.

Answer 231

A

Data communication protocol sub-layer of the data link layer specified in the OSI model. It provides hardware addressing and channel access control mechanisms that make it possible for several nodes to communicate within a multiple-access network that incorporates a shared medium.

Answer 232

A

Cryptanalysis attack that tries to uncover a mathematical problem from two different ends.

Answer 233

A

These are not actual computer viruses, but types of e-mail messages that are continually forwarded around the Internet.

Answer 234

A

Holds information but cannot process information.

Answer 235

A

Network where each system must not only capture and disseminate its own data, but also serve as a relay for other systems; that is, it must collaborate to propagate the data in the network.

Answer 236

A

Keyed cryptographic hash function used for data integrity and data origin authentication.

Answer 237

A

A data link technology that is used as a metropolitan area network to connect customer networks to larger service networks or the Internet.

Answer 238

A

A data network intended to serve an area approximating that of a large city or college campus. Such networks are being implemented by innovative techniques, such as running fiber cables through subway tunnels.

Answer 239

A

Specific design of a microprocessor, which includes physical components (registers, logic gates, ALU, cache, etc.) that support a specific instruction set.

Answer 240

A

Reduced amount of code running in kernel mode carrying out critical operating system functionality. Only the absolutely necessary code runs in kernel mode, and the remaining operating system code runs in user mode.

Answer 241

A

Code that can be transmitted across a network, to be executed by a system or device on the other end.

Answer 242

A

Architecture framework used mainly in military support missions developed by the British Ministry of Defence.

Answer 243

A

When the CPU has to change from processing code in user mode to kernel mode.

Answer 244

A

All of the code of the operating system working in kernel mode in an ad-hoc and non-modularized manner.

Answer 245

A

Outlines how a system can simultaneously process information at different classifications for users with different clearance levels.

Answer 246

A

Also called a multipartite virus, this has several components to it and can be distributed to different parts of the system. It infects and spreads in multiple ways, which makes it harder to eradicate when identified.

Answer 247

A

A method of combining multiple channels of data over a single transmission line.

Answer 248

A

Interleaved execution of more than one program (process) or task by a single operating system.

Answer 249

A

A networking technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.

Answer 250

A

The standard for multimedia mail contents in the Internet suite of protocols.

Answer 251

A

Simultaneous execution of more than one program (process) or task by a single operating system.

Answer 252

A

Applications that can carry out multiple activities simultaneously by generating different instruction sets (threads).

Answer 253

A

Otherwise known as fifth-generation programming languages, which have the goal to create software that can solve problems by themselves. Used in systems that provide artificial intelligence.

Answer 254

A

The process of modifying IP address information in packet headers while in transit across a traffic routing device, with the goal of reducing the demand for public IP addresses.

Answer 255

A

The combining of server, storage, and network capabilities into a single framework, which decreases the costs and complexity of data centers. Converged infrastructures provide the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads.

Answer 256

A

Risk Management Guide for Information Technology Systems A U.S. federal standard that is focused on IT risks.

Answer 257

A

Set of controls that are used to secure U.S. federal systems developed by NIST.

Answer 258

A

A technique of inserting bogus information in the hopes of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.

Answer 259

A

Interrupt value assigned to a critical operating system activity.

Answer 260

A

Can be a computer, database, file, computer program, directory, or field contained in a table within a database.

Answer 261

A

Designed to handle a variety of data (images, audio, documents, video), which is more dynamic in nature than a relational database.

Answer 262

A

Uses object-relational database management system (ORDBMS) and is a relational database with a software front end that is written in an object-oriented programming language.

Answer 263

A

A system that randomly generates a private key, and is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. One-time pads have the advantage that there is theoretically no way to break the code by analyzing a succession of messages.

Answer 264

A

Cryptographic process that takes an arbitrary amount of data and generates a fixed-length value. Used for integrity protection.

Answer 265

A

Automated method of maintaining revoked certificates within a PKI.

Answer 266

A

An SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users.

Answer 267

A

Designs are built upon accepted standards to allow for interoperability.

Answer 268

A

International standardization of system-based network communication through a modular seven-layer architecture.

Answer 269

A

Team-oriented approach that assesses organizational and IT risks through facilitated workshops.

Answer 270

A

Sending data through an alternate communication channel.

Answer 271

A

Functional and assurance requirements are bundled into packages for reuse. This component describes what must be met to achieve specific EAL ratings.

Answer 272

A

The values that are being received by the application are validated to be within defined limits before the server application processes them within the system.

Answer 273

A

Attack where the attacker does not interact with processing or communication activities, but only carries out observation and data collection, as in network sniffing.

Answer 274

A

Grants ownership and enables that owner to legally enforce his rights to exclude others from using the invention covered by the patent.

Answer 275

A

Data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

Answer 276

A

Phishing is a scam in which the perpetrator sends out legitimate-looking e-mails, in an effort to phish (pronounced fish) for personal and financial information from the recipient.

Answer 277

A

A DoS attack type on a computer that involves sending malformed or oversized ICMP packets to a target.

Answer 278

A

A message before it has been encrypted or after it has been decrypted using a specific algorithm and key; also referred to as cleartext. (Contrast with ciphertext.)

Answer 279

A

Cable is jacketed with a fire-retardant plastic cover that does not release toxic chemicals when burned.

Answer 280

A

High-level document that outlines senior management’s security directives.

Answer 281

A

Produces varied but operational copies of itself. A polymorphic virus may have no parts that remain identical between infections, making it very difficult to detect directly using signatures.

Answer 282

A

Two objects can receive the same input and have different outputs.

Answer 283

A

Software construct that allows for application- or service-specific communication between systems on a network. Ports are broken down into categories; well known (0-1023), registered (1024-49151), and dynamic (49152-65535).

Answer 284

A

An Internet standard protocol used by e-mail clients to retrieve e-mail from a remote server and supports simple download-and-delete requirements for access to remote mailboxes.

Answer 285

A

Multitasking scheduling scheme used by operating systems to allow for computer resource time slicing. Used in newer, more stable operating systems.

Answer 286

A

used to integrate public key cryptography with e-mail functionality and data encryption, which was developed by Phil Zimmerman.

Answer 287

A

Columns that make each row unique. (Every row of a table must include a primary key.)

Answer 288

A

A small version of the phone company’s central switching office. Also known as a private automatic branch exchange. A central telecommunications switching station that an organization uses for its own purposes.

Answer 289

A

Value used in public key cryptography that is used for decryption and signature creation and known to only key owner.

Answer 290

A

Step-by-step implementation instructions.

Answer 291

A

Program loaded in memory within an operating system.

Answer 292

A

Protection mechanism provided by operating systems that can be implemented as encapsulation, time multiplexing of shared resources, naming distinctions, and virtual memory mapping.

Answer 293

A

Processes can be in various activity levels.
Ready = waiting for input.
Running = instructions being executed by CPU.
Blocked = process is “suspended.”

Answer 294

A

Holds the memory address for the following instructions the CPU needs to act upon.

Answer 295

A

Condition variable that indicates to the CPU what mode (kernel or user) instructions need to be carried out in.

Answer 296

A

Description of a needed security solution.

Answer 297

A

A system that acts as an intermediary for requests from clients seeking resources from other sources. A client connects to the proxy server, requesting some service, and the proxy server evaluates the request according to its filtering rules and makes the connection on behalf of the client. Proxies can be open or carry out forwarding or reverse forwarding capabilities.

Answer 298

A

Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties.

Answer 299

A

An asymmetric cryptosystem where the encrypting and decrypting keys are different and it is computationally infeasible to calculate one form the other, given the encrypting algorithm. In public key cryptography, the encrypting key is made public, but the decrypting key is kept secret.

Answer 300

A

The public circuit-switched telephone network, which is made up of telephone lines, fiber-optic cables, cellular networks, communications satellites, and undersea telephone cables and allows all phone-to-phone communication. It was a fixed-line analog telephone system, but is now almost entirely digital and includes mobile as well as fixed telephones.

Answer 301

A

Opinion-based method of analyzing risk with the use of scenarios and ratings.

Answer 302

A

Assigning monetary and numeric values to all the data elements of a risk assessment.

Answer 303

A

Use of quantum mechanical functions to provide strong cryptographic key exchange.

Answer 304

A

Two or more processes attempt to carry out their activity on one resource at the same time. Unexpected behavior can result if the sequence of execution does not take place in the proper order.

Answer 305

A

Hardware inside a computer that retains memory on a short-term basis and stores information while the computer is in use.
It is the working memory of the computer into which the operating system, startup applications and drivers are loaded when a computer is turned on, or where a program subsequently started up is loaded, and where thereafter, these applications are executed.
RAM can be read or written in any section with one instruction sequence. It helps to have more of this working space installed when running advanced operating systems and applications. RAM content is erased each time a computer is turned off. RAM is the most common type of memory found in computers and other devices, such as printers. There are two basic types of RAM: dynamic RAM (DRAM) and static RAM (SRAM).

Answer 306

A

Algorithm used to create values that are used in cryptographic functions to add randomness.

Answer 307

A

Stream symmetric cipher that was created by Ron Rivest of RSA. Used in SSL and WEP.

Answer 308

A

Block symmetric cipher that uses variable block sizes (32, 64, 128) and variable-length key sizes (0-2040).

Answer 309

A

Block symmetric cipher that uses a 128-bit block size and variable length key sizes (128, 192, 256). Built upon the RC5 algorithm.

Answer 310

A

Used to transmit audio and video over IP-based networks. It is used in conjunction with the RTCP. RTP transmits the media data, and RTCP is used to monitor transmission statistics and QoS, and aids synchronization of multiple data streams.

Answer 311

A

A collection of related data items.

Answer 312

A

A measurement of the point prior to an outage to which data are to be restored.

Answer 313

A

The earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences.

Answer 314

A

Concept that defines a set of design requirements of a reference validation mechanism (security kernel), which enforces an access control policy over subject’s (processes, users) ability to perform operations (read, write, execute) on objects (files, resources) on a system.

Answer 315

A

Small, temporary memory storage units integrated and used by the CPU during its processing functions.

Answer 316

A

The primary purpose of an RA is to verify an end entity’s identity and determine whether it is entitled to have a public key Certificate issued.

Answer 317

A

In a relational database, data is organized in two-dimensional tables or relations.

Answer 318

A

Malicious programs that run on systems and allow intruders to access and use a system remotely.

Answer 319

A

A network protocol that provides client/server authentication and authorization, and audits remote users.

Answer 320

A

Involves transmitting the journal or transaction log offsite to a backup facility.

Answer 321

A

This type of attack occurs when an attacker intercepts authentication information through the use of network monitoring utilities. The attacker then “replays” this information to the security system in an effort to gain access to the system.

Answer 322

A

Risk that remains after implementing a control. Threats * vulnerabilities * assets * (control gap) = residual risk.

Answer 323

A

Limits the user’s environment within the system, thus limiting access to objects.

Answer 324

A

Block symmetric cipher that was chosen to fulfil the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256).

Answer 325

A

Each system connects to two other systems, forming a single, unidirectional network pathway for signals, thus forming a ring.

Answer 326

A

The probability of a threat agent exploiting a vulnerability and the associated impact.

Answer 327

A

An operation that ends a current transaction and cancels all the recent changes to the database until the previous checkpoint/ commit point.

Answer 328

A

Computer memory chips with preprogrammed circuits for storing such software as word processors and spreadsheets. Information in the computer’s ROM is permanently maintained even when the computer is turned off

Answer 329

A

Set of malicious tools that are loaded on a compromised system through stealthy techniques. The tools are used to carry out more attacks either on the infected systems or surrounding systems.

Answer 330

A

Detective administrative control used to uncover potential fraudulent activities.

Answer 331

A

Access is based on a list of rules created or authorized by system owners that specify the privileges granted to users.

Answer 332

A

Substitution cipher that creates keystream values, commonly from agreed-upon text passages, to be used for encryption purposes.

Answer 333

A

Framework Risk-driven enterprise security architecture that maps to business initiatives, similar to the Zachman framework.

Answer 334

A

A virtual environment that allows for very fine-grained control over the actions that code within the machine is permitted to take. This is designed to allow safe execution of untrusted code from remote sources.

Answer 335

A

Defines the structure of the database.

Answer 336

A

A firewall that communicates directly with a perimeter router and the internal network. The router carries out filtering activities on the traffic before it reaches the firewall.

Answer 337

A

When two filtering devices are used to create a DMZ. The external device screens the traffic entering the DMZ network, and the internal filtering device screens the traffic before it enters the internal network.

Answer 338

A

A simple transposition cipher system that employs a rod of a certain thickness around which was wrapped a long, thin strip of parchment.

Answer 339

A

The SET specification has been developed by Visa and MasterCard to allow for secure credit card and offline debit card (check card) transactions over the World Wide Web.

Answer 340

A

Secure/Multipurpose Internet Mail Extensions, which outlines how public key cryptography can be used to secure MIME data types.

Answer 341

A

Network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods.

Answer 342

A

An XML standard that allows the exchange of authentication and authorization data to be shared between security domains.

Answer 343

A

Measures taken during development and evaluation of the product to assure compliance with the claimed security functionality.

Answer 344

A

Resources within this logical structure (domain) are working under the same security policy and managed by the same group.

Answer 345

A

Individual security functions which must be provided by a product.

Answer 346

A

The central part of a computer system (hardware, software, or firmware) that implements the fundamental security procedures for controlling access to system resources.

Answer 347

A

Mechanism used to delineate between the components within and outside of the trusted computing base.

Answer 348

A

Strategic tool used to dictate how sensitive information and resources are to be managed and protected.

Answer 349

A

Vendor’s written explanation of the security functionality and assurance mechanisms that meet the needed security solution.

Answer 350

A

Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices.

Answer 351

A

Attempts to hide from anti-virus software by modifying its own code so that it does not match predefined signatures.

Answer 352

A

An e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing, a common vulnerability, by verifying sender IP addresses.

Answer 353

A

Preventive administrative control used to ensure one person cannot carry out a critical task alone.

Answer 354

A

An interpreted server-side scripting language used almost exclusively for web-based communication. It is commonly used to include the contents of one or more files into a web page on a web server. Allows web developers to reuse content by inserting the same content into multiple web documents.

Answer 355

A

Allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems.

Answer 356

A

An intruder takes over a connection after the original source has been authenticated.

Answer 357

A

The signaling protocol widely used for controlling communication, as in voice and video calls over IP based networks.

Answer 358

A

Symmetric keys that have a short lifespan, thus providing more protection than static keys with longer lifespans.

Answer 359

A

Twisted-pair cables are often shielded in an attempt to prevent RFI and EMI. This shielding can be applied to individual pairs or to the collection of pairs.

Answer 360

A

Viewing information in an unauthorized manner by looking over the shoulder of someone else.

Answer 361

A

Non-Intrusive Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions. Often tries to figure out how a component works without trying to compromise any type of flaw or weakness.

Answer 362

A

An Internet standard protocol for electronic mail (e-mail) transmission across IP-based networks.

Answer 363

A

Provides remote administration of network device; simple because the agent requires minimal software.

Answer 364

A

A lightweight protocol for exchange of information in a decentralized, distributed environment.

Answer 365

A

One instance of an expected loss if a specific vulnerability is exploited and how it affects a single asset. Asset Value * Exposure Factor = SLE.

Answer 366

A

Business management strategy developed by Motorola with the goal of improving business processes.

Answer 367

A

Plastic cards, typically with an electronic chip embedded, that contain electronic value tokens. Such value is disposable at both physical retail outlets and online shopping locations.

Answer 368

A

A DDoS attack type on a computer that floods the target system with spoofed broadcast ICMP packets.

Answer 369

A

Gaining unauthorized access by tricking someone into divulging sensitive information.

Answer 370

A

Manipulating individuals so that they will divulge confidential information, rather than by breaking in or using technical cracking techniques.

Answer 371

A

Identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

Answer 372

A

Two processes cannot complete their activities because they are both waiting for system resources to be released.

Answer 373

A

Storing of the source code of software with a third-party escrow agent. The software source code is released to the licensee if the licensor (software vendor) files for bankruptcy or fails to maintain and update the software product as promised in the software license agreement.

Answer 374

A

Allows a sender of a packet to specify the route the packet takes through the network versus routers determining the path.

Answer 375

A

A network protocol that ensures a loop-free topology for any bridged Ethernet LAN and allows redundant links to be available in case connection links go down.

Answer 376

A

Temporary memory location that holds critical processing parameters. They hold values as in the program counter, stack pointer, and program status word.

Answer 377

A

Construct that is made up of individually addressable buffers. Process-to-process communication takes place through the use of stacks.

Answer 378

A

Compulsory rules that support the security policies.

Answer 379

A

Network consists of one central device, which acts as a conduit to transmit messages. The central device, to which all other nodes are connected, provides a common connection point for all nodes.

Answer 380

A

Describes the product and customer requirements. A detailed-oriented SOW will help ensure that these requirements are properly understood and assumptions are not made.

Answer 381

A

A debugging technique that is carried out by examining the code without executing the program, and therefore is carried out before the program is compiled.

Answer 382

A

Cryptanalysis attack that uses identified statistical patterns.

Answer 383

A

This form of multiplexing uses all available time slots to send significant information and handles inbound data on a first-come, first-served basis.

Answer 384

A

A virus that hides the modifications it has made. The virus tries to trick anti-virus software by intercepting its requests to the operating system and providing false and bogus information.

Answer 385

A

(1) The method of concealing the existence of a message or data within seemingly innocent covers. (2) A technology used to embed information in for example, audio and graphical material. The audio and graphical materials appear unaltered until a steganography tool is used to reveal the hidden message.

Answer 386

A

An encryption method in which a cryptographic key and an algorithm are applied to each bit in a datastream, one bit at a time.

Answer 387

A

An active entity that requests access to an object or the data within an object.

Answer 388

A

Logical subdivision of a network that improves network administration and helps reduce network traffic congestion. Process of segmenting a network into smaller networks through the use of an addressing scheme made up of network and host portions.

Answer 389

A

Encryption method that uses an algorithm that changes out (substitutes) one value for another value.

Answer 390

A

Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes.

Answer 391

A

When a computer has two or more CPUs and each CPU is being used in a load-balancing method.

Answer 392

A

DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic.

Answer 393

A

Transmission sequencing technology that uses a clocking pulse or timing scheme for data transfer synchronization.

Answer 394

A

Standardized multiplexing protocols that transfer multiple digital bit streams over optical fiber and allow for simultaneous transportation of many different circuits of differing origin within a single framing protocol.

Answer 395

A

Synchronizes with the authentication service by using time or a counter as the core piece of the authentication process. If the synchronization is time-based, the token device and the authentication service must hold the same time within their internal clocks.

Answer 396

A

The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and, ultimately, its disposal, which instigates another system initiation.

Answer 397

A

Product proposed to provide a needed security solution.

Answer 398

A

Dedicated lines that can carry voice and data information over trunk lines.

Answer 399

A

Standardization of device-based network communication through a modular four-layer architecture. Specific to the IP suite, created in 1970 by an agency of the U.S. Department of Defense (DoD).

Answer 400

A

Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network, but also performs its function behind NAT devices.

Answer 401

A

Instruction set generated by a process when it has a specific activity that needs to be carried out by an operating system. When the activity is finished, the thread is destroyed.

Answer 402

A

The danger of a threat agent exploiting a vulnerability.

Answer 403

A

Entity that can exploit a vulnerability.

Answer 404

A

A systematic approach used to understand how different threats could be realized and how a successful compromise could take place.

Answer 405

A

Technology that allows processes to use the same resources.

Answer 406

A

A type of multiplexing in which two or more bit streams or signals are transferred apparently simultaneously as sub-channels in one communication channel, but are physically taking turns on the single channel.

Answer 407

A

Attacker manipulates the “condition check” step and the “use” step within software to allow for unauthorized activity.

Answer 408

A

Enterprise architecture framework used to define and understand a business environment developed by The Open Group.

Answer 409

A

LAN medium access technology that controls network communication traffic through the use of token frames. This technology has been mostly replaced by Ethernet.

Answer 410

A

Full risk amount before a control is put into place. Threats * vulnerabilities * assets = total risk.

Answer 411

A

Proprietary business or technical information, processes, designs, practices, etc. that are confidential and critical to the business.

Answer 412

A

Protect words, names, product shapes, symbols, colors, or a combination of these used to identify products or a company. These items are used to distinguish products from the competitors’ products.

Answer 413

A

The major transport protocol in the Internet suite of protocols providing reliable, connection-oriented, full-duplex streams.

Answer 414

A

Mode that IPSec protocols can work in that provides protection for packet data payload.

Answer 415

A

Encryption method that shifts (permutation) values.

Answer 416

A

Symmetric cipher that applies DES three times to each block of data during the encryption process.

Answer 417

A

A program that is disguised as another program with the goal of carrying out malicious activities in the background without the user knowing.

Answer 418

A

U.S. DoD standard used to assess the effectiveness of the security controls built into a system. Replaced by the Common Criteria. Also known as the Orange Book.

Answer 419

A

A collection of all the hardware, software, and firmware components within a system that provide security and enforce the system’s security policy.

Answer 420

A

Trustworthy software channel that is used for communication between two processes that cannot be circumvented.

Answer 421

A

Mode that IPSec protocols can work in that provides protection for packet headers and data payload.

Answer 422

A

A row in a two-dimensional database.

Answer 423

A

A mechanism that is another control used in databases to ensure the integrity of the data held within the database.

Answer 424

A

When a biometric system rejects an authorized individual (false rejection rate).

Answer 425

A

When the system accepts impostors who should be rejected (false acceptance rate).

Answer 426

A

Assigning confidence level values to data elements.

Answer 427

A

Cabling in which copper wires are twisted together for the purposes of canceling out EMI from external sources. UTP cables are found in many Ethernet networks and telephone systems.

Answer 428

A

Connectionless, unreliable transport layer protocol, which is considered a “best effort” protocol.

Answer 429

A

Protection mode that a CPU works within when carrying out less trusted process instructions.

Answer 430

A

The creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.

Answer 431

A

Determines if the product provides the necessary solution for the intended real-world problem.

Answer 432

A

Determines if the product accurately represents and meets the specifications.

Answer 433

A

Otherwise known as fourth-generation programming languages and are meant to take natural language-based statements one step ahead.

Answer 434

A

A virtual relation defined by the database administrator in order to keep subjects from viewing certain data.

Answer 435

A

A group of hosts that communicate as if they were attached to the same broadcast domain, regardless of their physical location. VLAN membership can be configured through software instead of physically relocating devices or connections, which allows for easier centralized management.

Answer 436

A

Combination of main memory (RAM) and secondary memory within an operating system.

Answer 437

A

Creation of a simulated environment (hardware platform, operating system, storage, etc.) that allows for central control and scalability.

Answer 438

A

A small application, or string of code, that infects host applications. It is a programming code that can replicate itself and spread from one system to another.

Answer 439

A

Social engineering activity over the telephone system, most often using features facilitated by VoIP, to gain unauthorized access to sensitive data.

Answer 440

A

An exploit that allows an attacker on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.

Answer 441

A

The set of protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice data and multimedia sessions over IP-based networks.

Answer 442

A

Weakness or a lack of a countermeasure.

Answer 443

A

When a specialized program is used to automatically scan a list of telephone numbers to search for computers for the purposes of exploitation and hacking.

Answer 444

A

Multiplying the available capacity of optical fibers through use of parallel channels, with each channel on a dedicated wavelength of light. The bandwidth of an optical fiber can be divided into as many as 160 channels.

Answer 445

A

A piece of software installed on a system that is designed to intercept all traffic between the local web browser and the web server.

Answer 446

A

A telecommunication network that covers a broad area and allows a business to effectively carry out its daily function, regardless of location.

Answer 447

A

A passive attack that eavesdrops on communications. It is only legal with prior consent or a warrant.

Answer 448

A

A project management tool used to define and group a project’s individual work elements in an organized manner.

Answer 449

A

This takes place when an attacker captures packets at one location in the network and tunnels them to another location in the network for a second attacker to use against a target system.

Answer 450

A

These are different from viruses in that they can reproduce on their own without a host application and are self-contained programs.

Answer 451

A

Enterprise architecture framework used to define and understand a business environment developed by John Zachman.

Answer 452

A

One entity can prove something to be true without providing a secret value.

Brainscape's Knowledge GenomeTM

CISSP CBK Glossary Flashcards

Brainscape's Knowledge Genome^TM