Domain 3 Flashcards

1
Q

Audit

A

Independent review and examination of records and activities to assess the inadequacy of system controls, to ensure compliance with established policies and operational procedures

2
Q

Crime prevention through environmental design or CPTED

A

An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity

3
Q

Defense in depth

A

Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization

4
Q

Discretionary access control or DAC

A

A certain amount of access control is left to the discretion of the object's owner or anyone else who is authorized to control the object's access

5
Q

Encrypt

A

To protect private information by putting it into a form that can only be read by people who have permission to do so

6
Q

Firewalls

A

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules

7
Q

Insider threat

A

An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service

8
Q

iOS

A

An operating system manufactured by Apple used for mobile devices

9
Q

Layered defense

A

The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth

10
Q

Linux

A

An operating system that is open source, making its source code legally available to end users

11
Q

Log anomaly

A

A system irregularity that is identified when studying log entries, which could represent events of interest for further surveillance

12
Q

Logging

A

Collecting and storing user activities in a log, which is a record of the events occurring within an organization's systems and networks

13
Q

Logical Access Control Systems

A

An automated system that controls an individual's ability to access one or more computer system resources, such as a workstation, network, application or database

14
Q

Mandatory Access Control

A

Access control that requires the system itself to manage access controls in accordance with the organization’s security policies

15
Q

Mantrap

A

An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time

16
Q

Object

A

A passive information-system-related entity, such as devices, files, records, tables, processes, programs, and domains, containing or receiving information

17
Q

Physical access controls

A

Controls implemented through a tangible mechanism; examples include walls, fences, guards, and locks

18
Q

Principle of least privilege

A

The principle that users and programs should have only the minimum privileges necessary to complete their tasks

19
Q

Privileged account

A

An information system account with approved authorizations of a privileged user

20
Q

Ransomware

A

A type of malicious software that locks the computer screen or files, thus preventing or limiting a user from accessing their system and data until money is paid

21
Q

Role-based access control or RBAC

A

An access control system that sets up user permissions based on roles

22
Q

Rule

A

An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list

23
Q

Segregation of duties

A

The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats. Also commonly known as separation of duties

24
Q

Subject

A

Generally an individual, process or device causing information to flow among objects or change to the system state

25
Q

Technical controls

A

The security controls or safeguards for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system

26
Q

Turnstile

A

A one-way spinning door or barrier that allows only one person at a time to enter a building or pass through an area

27
Q

Unix

A

An operating system used in software development

28
Q

User provisioning

A

The process of creating, maintaining, and deactivating user identities on a system