IS 3120 CHAPTER 15 Flashcards

1
Q

A collection of all the vulnerable points of a system

A

Attack surface

2
Q

The security requirement that information be available to authorized users when they want it.

A

Availability

3
Q

Process that results in a list of activities necessary for an organization to conduct business operations.

A

Business impact analysis (BIA).

4
Q

Multiple countermeasures that an attacker must compromise to reach any protected resource. It is often described as a series of concentric rings around protected resources.

A

Defense in depth.

5
Q

A separate network that allows connections from external networks and internal LANs; in most cases, it is separated from each network by a firewall.

A

Demilitarized zone (DMZ)

6
Q

A program or dedicated hardware device that inspects network traffic passing through it. It then denies or permits that traffic based on a set of rules determined from a stored configuration.

A

Firewall

7
Q

A special team formed to handle security incidents when they occur.

A

Incident response team (IRT)

8
Q

The security principle that users possess only the minimum access privileges they need to complete their assigned tasks.

A

Least privilege

9
Q

A method that ranks risks relative to one another.

A

Qualitative risk analysis

10
Q

A method that associates a dollar value, or cost, with each risk.

A

Quantitative risk analysis

11
Q

The likelihood that an attack will successfully exploit a vulnerability.

A

Risk

12
Q

The process of identifying and addressing all risks.

A

Risk management

13
Q

Any event that results in a violation of any of the “CIA” properties (confidentiality, integrity, and availability).

A

Security breach

14
Q

A countermeasure that protects resources from attack.

A

Security control

15
Q

An analysis that identifies known vulnerabilities for which there are no security controls in place.

A

Security gap analysis

16
Q

The three basic properties of information security: confidentiality, integrity, and availability.

A

Security triad

17
Q

Any action that could damage an asset

A

Threat

18
Q

Any weakness in a system that makes it possible for a threat to cause it harm.

A

Vulnerability

19
Q

The right mix of security controls can make a network completely secure.
  TRUE OR FALSE

A

FALSE

20
Q

The CIA triad includes which three security properties?
  a. Consistency, integrity, authorization
  b. Confidentiality, isolated, authorization
  c. Confidentiality, integrity, availability
  d. Consistency, isolated, availability

A

Confidentiality, integrity, availability

21
Q

Which security property assures that only authorized users can modify sensitive information?
  a. Confidentiality
  b. Integrity
  c. Consistency
  d. Isolated

A

Integrity

22
Q

Which term describes the cumulative opportunities for attackers to compromise a system?
  a. Risks
  b. Present threats
  c. Known vulnerabilities
  d. Attack surface

A

Attack surface

23
Q

A ___ is any event that results in a violation of any of the CIA security properties.

A

Security Breach

24
Q

An eavesdropping attack violates which CIA property?
  a. Confidentiality
  b. Integrity
  c. Consistency
  d. Isolated

A

Confidentiality

25
Q

Which term best describes any event that could damage an asset?
  a. Event
  b. Threat
  c. Risk
  d. Vulnerability

A

Threat

26
Q

Which term best describes any weakness in a system that can allow an attack to cause harm?
  a. Event
  b. Threat
  c. Risk
  d. Vulnerability

A

Vulnerability

27
Q

A ___ risk assessment ranks risks relative to one another.

A

Qualitative

28
Q

Which of the following courses of action is best if the cost to mitigate a risk exceeds the expected loss if the risk is realized?
  a. Mitigate
  b. Assign
  c. Accept
  d. Avoid

A

Accept

29
Q

Insurance is a common form of which type of risk handling?
  a. Mitigate
  b. Assign
  c. Accept
  d. Avoid

A

Assign

30
Q

Which of the following best describes the principle of least privilege?
  a. Allow users only the minimum access required to complete assigned tasks
  b. Allow users the maximum access allowed for their job function
  c. Restrict users from accessing any data they do not need to know
  d. Ensure users have at least the minimum access required to complete assigned tasks

A

Allow users only the minimum access required to complete assigned tasks