L03 Flashcards

1
Q

Vulnerability Management Life Cycle

A
2
Q

Risk Management

A

Does not mean removing all risk, but implementing the following:

  • identify the risk
  • measure the risk (how likely is it? how serious would it be?)
  • monitor and report the risk
  • control the risk
  • audit and adjust the risk management process
3
Q

Patch Deployment

A

Software code is written to solve a software issue.

4
Q

Manual Protection of Vulnerabilities

A

Network managers/technicians take steps to remove or reduce the vulnerability.

5
Q

Automated Tools used for Protection of Vulnerabilities

A

Tools can identify and repair vulnerabilities without human intervention.

6
Q

Hardware Resources

A

servers, computers, tablets, printers, scanners, plotters, cameras

7
Q

Software Resources

A

word processors, databases, spreadsheets, utilities, bespoke software, financial packages etc.

8
Q

Communication Equipment

A

hubs, routers, bridges, gateways, modems, cabling, telephone systems

9
Q

Information and Data

A

customer data, employee records, contract data, financial reports, production figures, production costs, sales figures, marketing information

10
Q

Vulnerability assessment

A

Tools that discover which vulnerabilities are present, but do not differentiate between flaws that can be exploited to cause damage and those that cannot.

Vulnerability scanners alert companies to the pre-existing flaws in their code and where they are located.

11
Q

Penetration test

A

is an authorised simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data.

12
Q

Honeypot

A

A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target.

It can also be used to gain information about how cybercriminals operate.

13
Q

Fuzz testing

A

software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.

14
Q

Sandboxing

A

is an isolated computing environment in which a program or file can be executed without affecting the application in which it runs. Sandboxes are used by software developers to test new programming code.

15
Q

Asset

A

anything of value owned by an individual or organisation

16
Q

Biometrics

A

Means the identification of individuals by using their biological characteristics or body parts. These include fingerprints, retinal or iris scans or facial recognition.

17
Q

Software controls

A

any computer program designed to enhance information security and defend computers against intrusion (malware) and unauthorized access.

  • Firewalls
  • Anti-malware
  • Operating system updates
  • Patch management

18
Q

Intrusion Detection System (IDS)

A

is a device or software application that monitors a network or systems for malicious activity or policy violations and notifies the relevant managers of a potential intrusion.

19
Q

Network Intrusion Detection System (NIDS)

A

installed only at specific points such as servers that interface between the outside environment and the network segment to be protected.

20
Q

Host Intrusion Detection System (HIDS)

A

are methods of security management for individual computers: anti-threat applications such as firewalls, antivirus software and spyware-detection programs are installed on every network computer that has two-way access to the outside environment, such as the Internet.

21
Q

Intrusion Prevention Systems (IPS)

A

Devices or programs that detect attempts at intrusion and take action to prevent them.

22
Q

Encryption

A

The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

23
Q

Asymmetric encryption

A

A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.

24
Q

Symmetric encryption

A

As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

25
Q

Bring your own device (BYOD)

A

Refers to the policy of permitting employees to bring personally owned devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.

26
Q

Procedures and Policies

A
  • Acceptable use
  • Email policy
  • Password protection policy
  • Disaster recovery plan
27
Q

Cryptography

A

Is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.

It includes techniques such as microdots, merging words with images, and other ways of hiding information in storage or transit.