COP4360 Final Review Multiple Choice Flashcards

1
Q

A __________ is any action that compromises the security of information owned by an organization.

security mechanism

security attack

security policy

security service

A

Security Attack

2
Q

The assurance that data received are exactly as sent by an authorized entity is __________.

data integrity

access control

data confidentiality

authentication

A

Data Integrity

3
Q

A threat action in which sensitive data are directly released to an unauthorized entity is __________.

disruption

corruption

intrusion

exposure

A

Exposure

4
Q

A loss of _________ is the unauthorized disclosure of information.

integrity

confidentiality

availability

authenticity

A

Confidentiality

5
Q

__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Traffic routing

Traffic integrity

Traffic control

Traffic padding

A

Traffic Padding

6
Q

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

low

normal

moderate

high

A

high

7
Q

Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences.

deception

disruption

usurpation

unauthorized disclosure

A

deception

8
Q

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

interception

repudiation

inference

masquerade

A

Masquerade

9
Q

On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.

two-thirds

three-fourths

one-fourth

half

A

Half

10
Q

A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

secret key

digital signature

keystream

one way hash function

A

Digital Signature

11
Q

The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data.

keystream

secret key

digital signature

hash function

A

Hash Function

12
Q

__________ is the scrambled message produced as output.

Cipher text

Secret key

Plain text

Cryptanalyst

A

Cipher Text

13
Q

__________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.

DSS

SHA

RSA

AES

A

RSA

14
Q

The original message or data that is fed into the algorithm is __________.

encryption algorithm

secret key

decryption algorithm

plain text

A

Plain Text

15
Q

The __________ is the encryption algorithm run in reverse.

decryption algorithm

cipher text

plain text

encryption algorithm

A

Decryption Algorithm

16
Q

The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________.

AES

DSS

RSA

SHA

A

AES

17
Q

__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

Decryption

Collision resistance

Message authentication

Cryptanalysis

A

Message Authentication

18
Q

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________.

use more keys

use less keys

use shorter keys

use longer keys

A

use longer keys

19
Q

Recognition by fingerprint, retina, and face are examples of __________.

face recognition

static biometrics

dynamic biometrics

token authentication

A

Static Biometrics

20
Q

__________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.

RFC 2493

RFC 4949

RFC 2298

RFC 2328

A

RFC 4949

21
Q

The most common means of human-to-human identification are __________.

retinal patterns

facial characteristics

signatures

fingerprints

A

Facial Recognition

22
Q

Each individual who is to be included in the database of authorized users must first be __________ in the system.

authenticated

verified

enrolled

identified

A

Enrolled

23
Q

Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.

identification step

authentication step

verification step

corroboration step

A

Verification Step

24
Q

A __________ is a password guessing program.

password cracker

password hash

password biometric

password salt

A

Password Cracker

25
Q

__________ systems identify features of the hand, including shape, and lengths and widths of fingers.

Fingerprint

Hand geometry

Signature

Palm print

A

Hand Geometry

26
Q

A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.

proactive password checking

user education

reactive password checking

computer-generated password

A

reactive password checking

27
Q

The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.

reactive password checking

user education

computer-generated password

proactive password checking

A

User Education

28
Q

To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.

challenge-response

eavesdropping

Trojan horse

denial-of-service

A

Challenge-Response

29
Q

A concept that evolved out of requirements for military information security is ______.

open and closed policies

reliable input

mandatory access control

discretionary input

A

Mandatory Access Control

30
Q

A __________ is an entity capable of accessing objects.

owner

subject

group

object

A

subject

31
Q

A(n) __________ is a resource to which access is controlled.

object

owner

subject

world

A

Object

32
Q

_________ is the granting of a right or permission to a system entity to access a system resource.

Authorization

Monitoring

Control

Authentication

A

Authorization

33
Q

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Access control

Audit control

Resource control

System control

A

Access Control

34
Q

__________ controls access based on comparing security labels with security clearances.

RBAC

MAC

MBAC

DAC

A

DAC

35
Q

__________ is verification that the credentials of a user or other system entity are valid.

Authorization

Authentication

Adequacy

Audit

A

Authentication

36
Q

The final permission bit is the _________ bit.

superuser

sticky

set user

kernel

A

Sticky

37
Q

__________ is based on the roles the users assume in a system rather than the user’s identity.

RBAC

DAC

MAC

URAC

A

RBAC (Role Based Access Control)

38
Q

__________ is the traditional method of implementing access control.

MAC

MBAC

DAC

RBAC

A

Mandatory Access Control (MAC)

39
Q

__________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.

Partitioning

Perturbation

Compromise

Inference

A

Inference

40
Q

A _________ is defined to be a portion of a row used to uniquely identify a row in a table.

data perturbation

primary key

query

foreign key

A

Primary Key

41
Q

A ___________ is a person or organization that maintains a business relationship with cloud providers.

cloud consumer

cloud broker

cloud carrier

cloud auditor

A

Cloud Consumer

42
Q

__________ encompasses intrusion detection, prevention and response.

Intrusion management

Data loss prevention

Database access control

Security assessments

A

Intrusion Management

43
Q

An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.

administrator

end user other than application owner

application owner

foreign key

A

end user other than application owner

44
Q

A(n) __________ is a structured collection of data stored for use by one or more applications.

attribute

tuple

database

inference

A

Database

45
Q

The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet.

relational database

DBMS

perturbation

query set

A

Relational Database

46
Q

A _________ is a virtual table.

tuple

view

query

DBMS

A

view

47
Q

A(n) __________ is a user who has administrative responsibility for part or all of the database.

end user other than application owner

database relations manager

administrator

application owner

A

Administrator

48
Q

The __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

hybrid

public

private

community

A

hybrid

49
Q

A __________ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents.

macro virus

boot sector infector

multipartite virus

file infector

A

macro virus

50
Q

A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.

trapdoor

trojan horse

worm

logic bomb

A

Logic Bomb

51
Q

__________ are used to send large volumes of unwanted e-mail.

Spammer programs

Rootkits

Downloaders

Auto-rooter

A

Spammer Programs

52
Q

Computer viruses first appeared in the early __________.

1970s

1960s

1900s

1980s

A

1980s

53
Q

The term “computer virus” is attributed to __________.

Charles Babbage

Fred Cohen

Herman Hollerith

Albert Einstein

A

Fred Cohen

54
Q

The __________ is what the virus “does”.

infection mechanism

logic bomb

payload

trigger

A

Payload

55
Q

The __________ is when the virus function is performed.

dormant phase

execution phase

propagation phase

triggering phase

A

Execution Phase

56
Q

A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim’s data is __________.

Adobe

malware

Animoto

Prezi

A

Malware

57
Q

During the __________ the virus is idle.

triggering phase

propagation phase

dormant phase

execution phase

A

Dormant Phase

58
Q

__________ is the first function in the propagation phase for a network worm.

Keylogging

Fingerprinting

Spear phishing

Propagating

A

Propagating

59
Q

The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

poison packet attack

basic flooding attack

DNS amplification attack

SYN spoofing attack

A

Basic Flooding Attack

60
Q

A ______ triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded.

flash flood

echo

poison packet

reflection

A

Poison Packet

61
Q

A characteristic of reflection attacks is the lack of _______ traffic.

backscatter

botnet

three-way

network

A

Backscatter

62
Q

_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.

Application-based

Amplification

System-based

A

Application Based

63
Q

TCP uses the _______ to establish a connection.

zombie

directed broadcast

three-way handshake

SYN cookie

A

Three-Way Handshake

64
Q

Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______.

spidering

trailing

spoofing

crowding

A

Spidering

65
Q

Using forged source addresses is known as _________.

directed broadcast

a three-way address

random dropping

source address spoofing

A

Source Address Spoofing

66
Q

______ relates to the capacity of the network links connecting a server to the wider Internet.

Network bandwidth

Application resource

Directed broadcast

System payload

A

Network Bandwidth

67
Q

_______ is a text-based protocol with a syntax similar to that of HTTP.

SIP

RIP

DIP

HIP

A

SIP

68
Q

______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.

HTTP

SYN flooding

Slowloris

Reflection attacks

A

Slowloris

69
Q

A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

analysis sensor

inline sensor

passive sensor

LAN sensor

A

Inline Sensor

70
Q

The _________ module analyzes LAN traffic and reports the results to the central manager.

central manager agent

architecture agent

host agent

LAN monitor agent

A

LAN Monitor Agent

71
Q

A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.

intrusion detection

network-based IDS

security intrusion

host-based IDS

A

Network-Based IDS

72
Q

__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

Threshold detection

Signature detection

Anomaly detection

Profile based detection

A

Signature Detection

73
Q

The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.

direction

action

destination port

protocol

A

Action

74
Q

A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.

Master

Activist

Apprentice

Journeyman

A

Apprentice

75
Q

The ________ is responsible for determining if an intrusion has occurred.

host

analyzer

user interface

sensor

A

Analyzer

76
Q

A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.

intrusion detection

criminal enterprise

security intrusion

IDS

A

Security Intrusion

77
Q

The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager.

host agent

architecture agent

LAN monitor agent

central manager agent

A

Host Agent

78
Q

_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.

RFC 4765

RFC 4766

RFC 4767

RFC 4764

A

RFC 4767

79
Q

_________ involves the collection of data relating to the behavior of legitimate users over a period of time.

Anomaly detection

Threshold detection

Profile based detection

Signature detection

A

Anomaly Detection

80
Q

A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.

PEP

IDME

DDI

IDEP

A

DDI

81
Q

The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

analyzer

sensor

data source

operator

A

Analyzer

82
Q

__________________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes.

Activists

Cyber criminals

State-sponsored organizations

Others

A

Activists

83
Q

A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

security intrusion

host-based IDS

network-based IDS

intrusion detection

A

Host-Based IDS

84
Q

An example of a circuit-level gateway implementation is the __________ package.

SMTP

SOCKS

application-level

stateful inspection

A

Application-Level

85
Q

________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

Behavior

User

Direction

Service

A

Direction

86
Q

The _________ defines the transport protocol.

IP protocol field

source IP address

interface

destination IP address

A

IP Protocol Field

87
Q

A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.

stateful inspection firewall

UTM

VPN

proxy

A

Virtual Private Network (VPN)

88
Q

Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.

DMZ

boundary firewall

IP protocol field

VPN

A

DMZ

89
Q

A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.

stateful inspection firewall

distributed firewall

personal firewall

packet filtering firewall

A

Distributed Firewall Devices

90
Q

________ control controls how particular services are used.

Service

Behavior

User

Direction

A

Behavior

91
Q

_______ control controls access to a service according to which user is attempting to access it.

User

Service

Behavior

Direction

A

User

92
Q

_________ control determines the types of Internet services that can be accessed, inbound or outbound.

Service

Direction

User

Behavior

A

Service

93
Q

A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

application-level

packet filtering

stateful inspection

circuit-level

A

circuit level

94
Q

The _________ approach involves conducting a risk analysis for the organization’s IT systems that exploits the knowledge and expertise of the individuals performing the analysis.

detailed

informal

combined

baseline

A

Informal

95
Q

_________ is choosing to accept a risk level greater than normal for business reasons.

Risk avoidance

Risk acceptance

Risk transfer

Reducing likelihood

A

Risk Acceptance

96
Q

The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.

corporate security policy

risk register

threat assessment

vulnerability source

A

Corporate Security Policy

97
Q

The ________ has revised and consolidated a number of national and international standards into a consensus of best practice.

ISO

VSB

CSI

DBI

A

ISO

98
Q

________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.

Security controls

Risk controls

Risk appetite

None of these

A

Security Controls

99
Q

The results of the risk analysis should be documented in a _________.

consequence

none of these

journal

risk register

A

Risk Register

100
Q

The purpose of ________ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined.

risk avoidance

combining

control

establishing the context

A

Establishing the Context

101
Q

________ specification indicates the impact on the organization should the particular threat in question actually eventuate.

Threat

Likelihood

Risk

Consequence

A

Consequence

102
Q

_________ ensures that critical assets are sufficiently protected in a cost-effective manner.

IT discipline

IT security management

IT risk implementations

IT control

A

IT Security Management

103
Q

A ________ is anything that might hinder or prevent an asset from providing appropriate levels of the key security services.

control

risk

threat

vulnerability

A

Threat

104
Q

The advantages of the _________ approach are that it doesn’t require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.

baseline

informal

detailed

combined

A

baseline

105
Q

_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.

IT security management

Detection and recovery control

Security compliance

Configuration management control

A

IT Security Management

106
Q

Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.

none of these

cost analysis

benefit analysis

cost-benefit analysis

A

cost-benefit analysis

107
Q

The follow-up stage of the management process does not include _________.

cost analysis

maintenance of security controls

security compliance checking

incident handling

A

Cost Analysis

108
Q

The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

information security incident management

asset management

physical and environmental security

business and continuity management

A

Business and Continuity Management

109
Q

Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks.

maintenance

security compliance

program management

incident handling

A

maintenance

110
Q

A contingency plan for systems critical to a large organization would be _________ than that for a small business.

smaller, more detailed

larger, more detailed

larger, less detailed

smaller, less detailed

A

larger, more detailed

111
Q

According to our text, an IT security plan should include details of _________.

recommended controls

risks

responsible personnel

all of these

A

All of these

112
Q

The implementation process is typically monitored by the organizational ______.

technology officer

human resources

security officer

general counsel

A

Security Officer

113
Q

The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

asset management

business continuity management

access

compliance

A

Compliance

114
Q

________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.

Management

Detection and recovery

Technical

Preventative

A

Detection and Recovery

115
Q

_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.

Supportive

Operational

Preventative

Detection and recovery

A

Supportive

116
Q

_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization’s mission.

Supportive

Preventative

Technical

Management

A

Management

117
Q

Identification and authentication is part of the _______ class of security controls.

operational

technical

management

verification

A

Technical

118
Q

Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process.

security awareness and training

management

maintenance

all of these

A

Management

119
Q

________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.

Executives

Analysts

Trainers

Managers

A

Executives

120
Q

A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.

standard of conduct

business use only

company rights

unlawful activity prohibited

A

Company Rights

121
Q

Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees’ knowledge of their ________ and of potential penalties.

liability

accountability

incidents

regulations

A

accountability

122
Q

________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.

Incident

Triage

Constituency

Handling

A

Triage

123
Q

The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

roles and responsibilities relative to IT systems

security basics and literacy

education and experience

security awareness

A

Education and Experience

124
Q

The _______ category is a transitional stage between awareness and training.

education and experiences

roles and responsibilities relative to IT systems

security awareness

security basics and literacy

A

Security basics and literacy

125
Q

CERT stands for ___________.

Compliance Emergency Response Technology

Compliance Error Repair Technology

Computer Error Response Team

Computer Emergency Response Team

A

Computer Emergency Response Team

126
Q

________ is explicitly required for all employees.

Security awareness

Roles and responsibilities relative to IT systems

Security basics and literacy

Education and experience

A

Security Awareness

127
Q

___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.

System integrity verification tools

Network and host intrusion detection systems

Intrusion prevention systems

Log analysis tools

A

System Integrity Verification Tools

128
Q

________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.

Artifacts

Vulnerabilities

CSIRT

Constituencies

A

Artifacts

129
Q

A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.

business use only

policy scope

company rights

disciplinary action

A

disciplinary action