Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IS3230 ACCESS CONTROL, KEY INFRASTRUCTURE > IS3230 CHAPTER 14 > Flashcards

IS3230 CHAPTER 14 Flashcards

1
Q

The use of software to control the execution of a test suite is called ___.

A

AUTOMATED TESTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A hole in system or network security placed deliberately either by system designers or attackers and also a way of quickly bypassing normal security measures is called ___.

A

BACKDOOR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In a penetration test, the ___ consists of IT staff who defend against the penetration testers. They are generally aware that a penetration test is happening but do not know what methods the penetration testers will user.

A

BLUE TEAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The outermost extremes of test conditions is called ___.

A

BOUNDARY CONDITIONS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An industry mailing list provided by Symantec that reports new vulnerabilities as they are discovered is called ___.

A

BUGTRAQ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An attack in which malicious code is introduced into an application. This type of attack is possible because of lax input validation in the target application and is called ___.

A

CODE INJECTIONS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A document that defines every data element and database table in a piece of software is called ___.

A

DATA DICTIONARY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

.The process of identifying the difference between reality–the current state of an organization’s IT infrastructure–and the organization’s security goals is called ___.

A

GAP ANALYSIS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The authorization memo, signed by a member of upper management, that states that a penetration test has been authorized and exactly what methods the test will include. Every member of a penetration testing team should carry a copy of this memo at all time to avoid misunderstandings with security and law enforcement and is called ___.

A

GET OUT OF JAIL FREE CARD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The process by which vulnerabilities are addressed to create a secure system is called ___.

A

HARDENING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The process of scanning the network to find out which Internet Protocol (IP) addresses are attached to interesting resources is called ___.

A

HOST DISCOVERY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The process of testing how individual components function together as a complete system is called ___.

A

INTEGRATION TESTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Security testing methods that expo it possible vulnerabilities in order to prove their existence and potential impact is called ___.

A

INTRUSIVE TESTING METHODS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A way of measuring how software will perform with an average number of user, as well as how it will perform under extreme load conditions is called ___.

A

LOAD TESTING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A proprietary security scanner developed by Tenable Network Security. It is network-centric with Web-based consoles and a central server is called ___.

A

NESSUS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An open source port scanning and host detection utility is called ___.

17
Q

.Security testing methods that do not exploit possible vulnerabilities is called ___.

A

NONINTRUSIVE TESTING METHODS

18
Q

The act of simulating an attack on an organization’s resources to assess an infrastructure’s true vulnerability. This is an actual attack where testers use a variety of methods including social engineering, software hacking, and physical intrusion and is called ___.

A

PENETRATION TESTING

19
Q

A technique designed to probe a networks’s open ports looking for a weakness is called ___.

A

PORT SCANNING

20
Q

A high level abstraction of code used to outline the steps in an algorithm is called ___.

A

PSEUDOCODE

21
Q

In a penetration test, this team consists of penetration testers who have been given some background knowledge of the infrastructure is called ___.

22
Q

A graphically intensive vulnerability scanner is called ___.

23
Q

In a penetration test, theis team is comprised of testers who are given no knowledge of the infrastructure, and are attacking a target that is unaware of their existence until the attack is made and is called ___.

A

TIGER TEAM

24
Q

A method of testing that ensures that a specific function or module works as designed is called ___.

A

UNIT TESTING

25
Q
  1. It is necessary to consider security issues during every phase of the software development life cycle.
    TRUE OR FALSE
26
Q
  1. What occurs during the sunset phase of a security system’s life cycle?
  2. Electronic media is wiped clean
  3. Paper documentation is shredded or archived
  4. Old equipment is destroyed or disposed of in a secure manner.
  5. All the above
A

Electronic media is wiped clean
Paper documentation is shredded or archived
Old equipment is destroyed or disposed of in a secure manner.

27
Q
  1. Which of the following are primary activities for an information security team? (Select two)
  2. Researching new exploits
  3. Monitoring/incident handling
  4. Testing
  5. Upgrading security systems
A

Monitoring/incident handling

Testing

28
Q
  1. Port scanning is an example of ___ testing.
A

Nonintrusive

29
Q
  1. Penetration testing is an example of ___ testing.
30
Q
  1. Which of the following test is the most accurate way to test security incident response?
  2. Open
  3. Blind
  4. Double-blind
  5. Automated
A

Double-blind

31
Q
  1. Gap analysis in which domain focuses primarily on the effectiveness of an organization’s training program?
  2. User
  3. Workstation
  4. LAN
  5. LAN to WAN
  6. WAN
  7. System/Application
  8. Remote access
32
Q
  1. A Web application security scanner is a good tool to use when testing which domain?
  2. User
  3. Workstation
  4. LAN
  5. LAN to WAN
  6. WAN
  7. Remote access
33
Q
  1. Penetration testing is a risky operation for both the organization and the testers.
    TRUE OR FALSE
34
Q
  1. Which penetration testing team may be comprised of systems administrators in other departments of within an organization?
  2. Red
  3. Blue
  4. Tiger
  5. Orange
35
Q
  1. Which penetration testing team is comprised of systems administrators who defend the network and respond to the activities of the penetration testers?
  2. Red
  3. Blue
  4. Tiger
  5. Orange
36
Q
  1. Which penetration testing team is given no prior knowledge of the IT infrastructure and uses the same tools and strategies that an actual attacker would use?
  2. Red
  3. Blue
  4. Tiger
  5. Orange
37
Q
  1. The clean-up phase of a penetration test is the responsibility of which individual or group?
  2. Systems administrator
  3. Upper management
  4. Penetration testing team
  5. Help desk
A

Penetration testing team

38
Q
  1. A penetration test report should include which of the following? (Select three)
  2. Description of gaps and risk exposures found during the test
  3. List of passwords uncovered by the penetration testing team
  4. Remediation plans for closing security gaps
  5. Cost analysis and solution prioritization based on risk exposure
A

Description of gaps and risk exposures found during the test

Remediation plans for closing security gaps

Cost analysis and solution prioritization based on risk exposure

IS3230 ACCESS CONTROL, KEY INFRASTRUCTURE (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions