Flash Cards

Question 1

Q

Administrative Controls

Answer

A

Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.

Question 2

Q

Annualized Rate of Occurrence (ARO)

Answer

A

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.

Question 3

Q

Arms Export Control Act of 1976

Answer

A

Authorizes the President to designate those items that shall be considered as defense articles and defense services and control their import and the export.

Question 4

Q

Availability

Answer

A

The principle that ensures that information is available and accessible to users when needed.

Question 5

Q

Breach

Answer

A

An incident that results in the disclosure or potential exposure of data.

Question 6

Q

Compensating Controls

Answer

A

Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.

Question 7

Q

Compliance

Answer

A

Actions that ensure behavior that complies with established rules.

Question 8

Q

Confidentiality

Answer

A

Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to- know basis.

Question 9

Q

Copyright

Answer

A

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs.

Question 10

Q

Corrective: Controls

Answer

A

Controls implemented to remedy circumstance, mitigate damage, or restore controls.

Question 11

Q

Data Disclosure

Answer

A

A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.

Question 12

Q

Detective Controls

Answer

A

Controls designed to signal a warning when a security control has been breached.

Question 13

Q

Deterrent Controls

Answer

A

Controls designed to discourage people from violating security directives.

Question 14

Q

Directive Controls

Answer

A

Controls designed to specify acceptable rules of behavior within an organization.

Question 15

Q

Due Care

Answer

A

The care a “reasonable person” would exercise under given circumstances.

Question 16

Q

Due Diligence

Answer

A

Is similar to due care with the exception that it is a pre-emptive measure made to avoid harm to other persons or their property.

Question 17

Q

Enterprise Risk Management

Answer

A

A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.

Question 18

Q

Export Administration Act of 1979

Answer

A

Authorized the President to regulate exports of civilian goods and technologies that have military applications.

Question 19

Q

Governance

Answer

A

Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated.

Question 20

Q

Incident

Answer

A

A security event that compromises the confidentiality, integrity, or availability of an information asset.

Question 21

Q

Integrity

Answer

A

Comes in two forms; making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.

Question 22

Q

Information Security Officer

Answer

A

Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability.

Question 23

Q

Least Privilege

Answer

A

Granting users only the accesses that are required to perform their job functions.

Question 24

Q

Logical (Technical) Controls

Answer

A

Electronic hardware and software solutions implemented to control access to information and information networks.

Question 25

Q

Patent

Answer

A

Protects novel, useful, and nonobvious inventions.

Question 26

Q

Physical Controls

Answer

A

Controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called “operational controls” in some contexts.

Question 27

Q

Preventive Controls

Answer

A

Controls implemented to prevent a security incident or information breach.

Question 28

Q

Recovery Controls

Answer

A

Controls implemented to restore conditions to normal after a security incident.

Question 29

Q

Recovery Time Objective (RTO)

Answer

A

How quickly you need to have that application’s information available after downtime has occurred.

Question 30

Q

Recovery Point Objective (RPO)

Answer

A

The point in time to which data must be restored in order to successfully resume processing.

Question 31

Q

Risk

Answer

A

A combination of the probability of an event and its consequence (ISO 27000)
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with
a particular harmful result.(RFC 2828)

Question 32

Q

Risk Acceptance

Answer

A

The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.

Question 33

Q

Risk Avoidance

Answer

A

The practice of coming up with alternatives so that the risk in question is not realized.

Question 34

Q

Risk Mitigation

Answer

A

The practice of the elimination of or the significant decrease in the level of risk presented.

Question 35

Q

Risk Transfer

Answer

A

The practice of passing on the risk in question to another entity, such as an insurance company.

Question 36

Q

Risk Management

Answer

A

A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.

Question 37

Q

Single Loss Expectancy (SLE)

Answer

A

Defined as the difference between the original value and the remaining value of an asset after a single exploit.

Question 38

Q

Single Points of Failure (SPOF)

Answer

A

Any single input to a process that, if missing, would cause the process or several processes to be unable to function.

Question 39

Q

Trademark

Answer

A

Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.

Question 40

Q

Trade Secret

Answer

A

Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business.

Question 41

Q

Vulnerability Assessment

Answer

A

Determines the potential impact of disruptive events on the organization’s business processes.

Question 42

Q

Wassenaar Arrangement

Answer

A

Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.

Question 43

Q

Categorization

Answer

A

The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.

Question 44

Q

Clearing

Answer

A

The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.

Question 45

Q

Curie Temperature

Answer

A

The critical point where a material’s intrinsic magnetic alignment changes direction.

Question 46

Q

Data Classification

Answer

A

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.

Question 47

Q

Data Custodians

Answer

A

Ensure important datasets are developed, maintained, and accessible within their defined specifications.

Question 48

Q

Data Modeling

Answer

A

The methodology that identifies the path to meet user requirements.

Question 49

Q

Data Remanence

Answer

A

The residual physical representation of data that has been in some way erased.

Question 50

Q

Data Standards

Answer

A

Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.

Question 51

Q

Federal Information Processing Standards (FIPS)

Answer

A

The official series of publications relating to standards and guidelines adopted.

Question 52

Q

File Encryption Software

Answer

A

Allows greater flexibility in applying encryption to specific file(s).

Question 53

Q

Framework Core

Answer

A

A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.

Question 54

Q

Framework Implementation Tiers

Answer

A

Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.

Question 55

Q

Framework Profile

Answer

A

Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.

Question 56

Q

IT Asset Management (ITAM)

Answer

A

ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders.

Question 57

Q

Media Encryption Software

Answer

A

Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives.

Question 58

Q

The National Checklist Program (NCP)

Answer

A

The U.S. Government repository of publicly available security checklists (or benchmarks) that provide detailed low- level guidance on setting the security configuration of operating systems and applications.

Question 59

Q

NIST Computer Security Division (CSD)

Answer

A

Focuses on providing measurements and standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence

Question 60

Q

Purging

Answer

A

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Question 61

Q

Quality Assurance (QA)

Answer

A

An assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality.

Question 62

Q

Quality Control (QC)

Answer

A

An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.

Question 63

Q

Self-Encrypting USB Drives

Answer

A

Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.

Question 64

Q

Abstraction

Answer

A

Involves the removal of characteristics from an entity in order to easily represent its essential properties.

Answer 65

A

A two-dimensional table that allows for individual subjects and objects to be related to each other.

Answer 66

A

One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).

Answer 67

A

Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process’s memory address space.

Answer 68

A

Combining non-sensitive data from separate sources to create sensitive information.

Answer 69

A

A mathematical function that is used in the encryption and decryption processes.

Answer 70

A

Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access.

Answer 71

A

This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.

Answer 72

A

The design, documentation, and management of the lowest layer of the OSI network model – the physical layer.

Answer 73

A

An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.

Answer 74

A

The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients.

Answer 75

A

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management

Answer 76

A

Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.

Answer 77

A

Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.

Answer 78

A

Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.

Answer 79

A

Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance.

Answer 80

A

Communications mechanisms hidden from the access control and standard monitoring systems of an information system.

Answer 81

A

The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.

Answer 82

A

The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence.

Answer 83

A

Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.

Answer 84

A

Maintains activities at different security levels to separate these levels from each other.

Answer 85

A

A repository for information collected from a variety of data sources.

Answer 86

A

The reverse process from encoding – converting the encoded message back into its plaintext format.

Answer 87

A

Provided by mixing up the location of the plaintext throughout the ciphertext.

Answer 88

A

An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date

Answer 89

A

A broad range of technologies that grant control and protection to content providers over their own digital media.

Answer 90

A

Provide authentication of a sender and integrity of a sender’s message.

Answer 91

A

Focused on setting the long-term strategy for security services in the enterprise.

Answer 92

A

The storage of programs or instructions in ROM.

Answer 93

A

Provides a foundation upon which organizations can establish and review information technology security programs.

Answer 94

A

Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

Answer 95

A

The ability to deduce (infer) sensitive or restricted information from observing available information.

Answer 96

A

Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.

Answer 97

A

Accepts an input message of any length and generates, through a one-way operation, a fixed-length output

Answer 98

A

Used to control industrial processes such as manufacturing, product handling, production, and distribution.

Answer 99

A

Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.

Answer 100

A

Used to provide computing services in a small form factor with limited processing power.

Answer 101

A

The action of changing a message into another format through the use of a code.

Answer 102

A

A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Answer 103

A

A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Answer 104

A

When different encryption keys generate the same ciphertext from the same plaintext message.

Answer 105

A

The size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information.

Answer 106

A

This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.

Answer 107

A

A small block of data that is generated using a secret key and then appended to the message.

Answer 108

A

A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

Answer 109

A

A connectivity software that enables multiple processes running on one or more machines to interact.

Answer 110

A

A security model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.

Answer 111

A

A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact.

Answer 112

A

An interoperable authentication protocol based on the OAuth 2.0 family of specifications.

Answer 113

A

A nonprofit organization focused on improving the security of software.

Answer 114

A

Divides the memory address space into equal-sized blocks called pages

Answer 115

A

Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.

Answer 116

A

The message in its natural format.

Answer 117

A

Stores data that has a high probability of being requested by the CPU.

Answer 118

A

In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.

Answer 119

A

Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key.

Answer 120

A

Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Answer 121

A

This performs certificate registration services on behalf of a CA.

Answer 122

A

Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.

Answer 123

A

An XML-based standard used to exchange authentication and authorization information.

Answer 124

A

An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security.

Answer 125

A

Dividing a computer’s memory into segments.

Answer 126

A

Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.

Answer 127

A

Attempt to take advantage of how a system handles multiple requests.

Answer 128

A

Describes the behavior of a system as it moves between one state and another, from one moment to another.

Answer 129

A

When a cryptosystem performs its encryption on a bit-by-bit basis.

Answer 130

A

Operate with a single cryptographic key that is used for both encryption and decryption of the message.

Answer 131

A

The process of exchanging one letter or byte for another.

Answer 132

A

The core of an OS, and one of its main functions is to provide access to system resources, which includes the system’s hardware and processes.

Answer 133

A

An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.

Answer 134

A

The process of reordering the plaintext to hide the message.

Answer 135

A

This represents the time and effort required to break a protective measure.

Answer 136

A

A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.

Answer 137

A

Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts.

Answer 138

A

Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.

Answer 139

A

Sublayer that provides services for the application layer and request services from the session layer

Answer 140

A

Multiplex connected devices into one signal to be transmitted on a network

Answer 141

A

A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude

Answer 142

A

The process of transforming encrypted data back into its original form, so it can be understood.

Answer 143

A

A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer

Answer 144

A

A stateful protocol that requires two communication channels

Answer 145

A

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules

Answer 146

A

This wireless technology spreads its signal over rapidly changing frequencies

Answer 147

A

Provides a means to send error messages for non-transient error conditions and provides a way to probe the network in order to determine general characteristics about the network.

Answer 148

A

Physical Layer

Answer 149

A

Data-Link Layer

Answer 150

A

Network Layer

Answer 151

A

Transport Layer

Answer 152

A

Session Layer

Answer 153

A

Presentation Layer

Answer 154

A

Application Layer

Answer 155

A

A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information

Answer 156

A

Allow users remote access to a network via analog phone lines

Answer 157

A

Layering model structured into seven layers (physical layer, data-link layer, network layer, transport layer, session layer, presentation layer, application layer)

Answer 158

A

A basic network mapping technique that helps narrow the scope of an attack

Answer 159

A

Involves a pair of keys-a public key and a private key-associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data

Answer 160

A

An authentication protocol used mainly in networked environments, such as ISPs, or for similar services requiring single sign-on for layer 3 network access, for scalable authentication combined with an acceptable degree of security.

Answer 161

A

Represent the ability to allow for the executing of objects across hosts

Answer 162

A

A program which can extract data from output on a display intended for a human

Answer 163

A

The first line of protection between trusted and untrusted networks

Answer 164

A

Sublayer that provides application specific services (protocols)

Answer 165

A

A method commonly used to modulate information into manageable bits that are sent over the air wirelessly

Answer 166

A

Layering model structured into four layers (link layer, network layer, transport layer, application layer)

Answer 167

A

A diagnostic tool that displays the path a packet traverses between a source and destination host

Answer 168

A

Provides connection-oriented data management and reliable data transfer

Answer 169

A

Provides a lightweight service for connectionless data transfer without error detection and correction

Answer 170

A

An encrypted tunnel between two hosts that allows them to securely communicate over an untrusted network

Answer 171

A

A technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line

Answer 172

A

Links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for Internet access

Answer 173

A

A wireless network made up of radio nodes organized in a mesh topology

Answer 174

A

A type of wireless network that connects several wireless LANs

Answer 175

A

Interconnect devices within a relatively small area that is generally within a person’s reach

Answer 176

A

Used to enter secured areas of a facility and are used in conjunction with a badge reader to read information stored on the badge

Answer 177

A

Physical or electronic systems designed to control who, or what, has access to a network

Answer 178

A

Systems that attempt to streamline the administration of user identity across multiple systems

Answer 179

A

The process of verifying the identity of the user

Answer 180

A

The process of defining the specific resources a user needs and determining the type of access to those resources the user may have

Answer 181

A

A hardware device that contains non- programmable logic and non-volatile storage dedicated to all cryptographic operations and protection of private keys.

Answer 182

A

The process of establishing confidence in user identities electronically presented to an information system

Answer 183

A

Protects enterprise assets and provides a history of who gained access and when the access was granted

Answer 184

A

Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud

Answer 185

A

The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be, and establishing a reliable relationship

Answer 186

A

Developing standard for authenticating network users. Kerberos offers two key benefits: it functions in a multi-vendor network, and it does not transmit passwords over the network.

Answer 187

A

Protection mechanisms that limit users’ access to information and restrict their forms of access on the system to only what is appropriate for them

Answer 188

A

A 48-bit number (typically represented in hexadecimal format) that is supposed to be globally unique

Answer 189

A

Access control that requires the system itself to manage access controls in accordance with the organization’s security policies

Answer 190

A

Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.

Answer 191

A

A system that manages passwords consistently across the enterprise

Answer 192

A

Allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location

Answer 193

A

A non-contact, automatic identification technology that uses radio signals to identify, track, sort and detect a variety of objects including people, vehicles, goods and assets without the need for direct contact

Answer 194

A

An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization

Answer 195

A

An access control model that based on a list of predefined rules that determine what accesses should be granted

Answer 196

A

A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains

Answer 197

A

Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested

Answer 198

A

A unified login experience (from the viewpoint of the end user) when accessing one or more systems

Answer 199

A

A local hardware encryption engine and secured storage for encryption keys

Answer 200

A

Provides the system with a way of uniquely identifying a particular user amongst all the users of that system

Answer 201

A

A list of the most widespread and critical errors that can lead to serious vulnerabilities in software.

Answer 202

A

Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges.

Answer 203

A

A manual review of the product architecture to ensure that it fulfills the necessary security requirements.

Answer 204

A

Tests an application for the use of system components or configurations that are known to be insecure.

Answer 205

A

This criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.

Answer 206

A

This criteria requires sufficient test cases for each feasible data flow to be executed at least once.

Answer 207

A

Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.

Answer 208

A

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

Answer 209

A

Real-time monitoring of events as they happen in a computer system or network, using audit trail records and network traffic and analyzing events to detect potential intrusion attempts.

Answer 210

A

Any hardware or software mechanism that has the ability to detect and stop attacks in progress.

Answer 211

A

This criteria requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.

Answer 212

A

A Use Case from the point of view of an Actor hostile to the system under design.

Answer 213

A

This criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.

Answer 214

A

Ensures the application can gracefully handle invalid input or unexpected user behavior.

Answer 215

A

This criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.

Answer 216

A

Determines that your application works as expected.

Answer 217

A

An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.

Answer 218

A

The determination of the impact of a change based on review of the relevant documentation.

Answer 219

A

The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.

Answer 220

A

This criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.

Answer 221

A

Analysis of the application source code for finding vulnerabilities without actually executing the application.

Answer 222

A

Involves having external agents run scripted transactions against a web application.

Answer 223

A

Operational actions performed by OS components, such as shutting down the system or starting a service.

Answer 224

A

A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

Answer 225

A

Abstract episodes of interaction between a system and its environment.

Answer 226

A

The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.

Answer 227

A

The authentication process by which the biometric system matches a captured biometric against the person’s stored template.

Answer 228

A

Log the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.

Answer 229

A

Intermediate hosts through which websites are accessed.

Answer 230

A

A design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.

Answer 231

A

Device that uses passive listening devices

Answer 232

A

Accounts that are assigned only to named individuals that require administrative access to the system to perform maintenance activities, and should be different and separate from a user’s normal account.

Answer 233

A

Devices that use a magnetic field or mechanical contact to determine if an alarm signal is initiated

Answer 234

A

The who, what, when, where, and how the evidence was handled—from its identification through its entire life cycle, which ends with destruction, permanent archiving, or returning to owner.

Answer 235

A

A lock controlled by touch screen, typically 5 to 10 digits that when pushed in the right combination the lock will releases and allows entry

Answer 236

A

A discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems

Answer 237

A

A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise.

Answer 238

A

The practice of monitoring and potentially restricting the flow of information outbound from one network to another

Answer 239

A

A focused infrared (IR) light beam is projected from an emitter and bounced off of a reflector that is placed at the other side of the detection area

Answer 240

A

Provide a quick way to disable a key by permitting one turn of the master key to change a lock

Answer 241

A

A technology that alerts organizations to adverse or unwanted activity

Answer 242

A

The party to party litigation costs resulting from its breach of warranties

Answer 243

A

A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity.

Answer 244

A

Decoy servers or systems setup to gather information regarding an attacker or intruder into your system

Answer 245

A

A centralized collection of honeypots and analysis tools

Answer 246

A

Two or more honeypots on a network

Answer 247

A

Data that are dynamic and exist in running processes or other volatile locations (e.g., system/device RAM) that disappear in a relatively short time once the system is powered down

Answer 248

A

States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange

Answer 249

A

Consist of a magnetically sensitive strip fused onto the surface of a PVC material, like a credit card

Answer 250

A

A lock or latch that is recessed into the edge of a door, rather than being mounted to its surface.

Answer 251

A

Accounts granted greater privileges than normal user accounts when it is necessary for the user to have greater control over the system, but where administrative access is not required

Answer 252

A

Identifies any unacceptable deviation from expected behavior based on known network protocols

Answer 253

A

Use embedded antenna wires connected to a chip within the card through RF.

Answer 254

A

Essential activities to protect business information and can be established in compliance with laws, regulations, or corporate governance

Answer 255

A

The measure of the existing magnetic field on the media after degaussing

Answer 256

A

A lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock

Answer 257

A

A form of software virtualization that lets programs and processes run in their own isolated virtual environment

Answer 258

A

A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation

Answer 259

A

Accounts used to provide privileged access used by system services and core applications

Answer 260

A

Credential cards with one or more microchip processing that accepts or processes information and can be contact or contact less.

Answer 261

A

Analyzes event data by comparing it to typical, known, or predicted traffic profiles in an effort to find potential security breaches

Answer 262

A

The science of hiding information

Answer 263

A

Identifies any unacceptable deviation from expected behavior based on actual traffic structure

Answer 264

A

Send induced radio frequency (RF) signals down a cable that is attached to the fence fabric

Answer 265

A

A Microsoft high-level interface for all kinds of data.

Answer 266

A

Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level.

Answer 267

A

A set of standards that addresses the need for interoperability between hardware and software products.

Answer 268

A

A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.

Answer 269

A

Monitoring and managing changes to a program or documentation.

Answer 270

A

An information flow that is not controlled by a security control.

Answer 271

A

The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.

Answer 272

A

The practice of examining large databases in order to generate new information.

Answer 273

A

A suite of application programs that typically manages large, structured sets of persistent data.

Answer 274

A

Describes the relationship between the data elements and provides a framework for organizing the data.

Answer 275

A

An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.

Answer 276

A

A record of the events occurring within an organization’s systems and networks.

Answer 277

A

A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.

Answer 278

A

Development models that allow for successive refinements of requirements, design, and coding.

Answer 279

A

A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.

Answer 280

A

Information about the data.

Answer 281

A

A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development.

Answer 282

A

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner.

Answer 283

A

Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.

Answer 284

A

Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.

Answer 285

A

The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.

Answer 286

A

A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.

Brainscape's Knowledge GenomeTM

Flash Cards

Brainscape's Knowledge Genome^TM