Midterm 2 Key Definitions

Question 1

Vulnerability

Answer 1

A flaw or weakness in a program

Question 2

Exploit

Answer 2

Software code that can be used to take advantage of a flaw and compromise a system

Question 3

Authentication

Answer 3

Verification of claimed identity

Question 4

Authorization

Answer 4

Restricting the actions that a user is permitted to perform

Question 5

Demilitarized Zone (DMZ)

Answer 5

A subnetwork that is accessible from the Internet but separate from the organization’s internal network

Question 6

Deep Packet Inspection

Answer 6

A firewall technique that filters traffic by examining not just packet header information but also the contents of a packet

Question 7

Router

Answer 7

A device that uses the Internet Protocol (IP) to send packets across networks

Question 8

Social Engineering

Answer 8

AN attack that involves deception to obtain access

Question 9

Firewall

Answer 9

A device that provides perimeter security by filtering packets

Question 10

Hardening

Answer 10

Improving security by removal or disabling of unnecessary programs and features

Question 11

CIRT

Answer 11

The set of employees assigned responsibility for resolving problems and incidents

Question 12

Patch

Answer 12

Code that corrects a flaw in a program

Question 13

Virtualization

Answer 13

The process of running multiple machines on one physical server

Question 14

Change control and change management

Answer 14

A plan to ensure that modifications to an information system do not reduce its security

Question 15

Packet Filtering

Answer 15

The firewall technique that filters traffic by examining only the information in packet headers to test the rules in an ACL

Question 16

Border Router

Answer 16

The device that connects the organization to the Internet

Question 17

Vulnerability Scan

Answer 17

A detective control that identifies weaknesses in devices or software

Question 18

Penetration Test

Answer 18

A dest that determines the time it takes to compromise a system

Question 19

Patch Management

Answer 19

The process of applying code supplied by a vendor’s software

Question 20

Cloud Computing

Answer 20

An arrangement whereby a user remotely accesses software, hardware, or other resources via a browser

Question 21

Virtual Private Network (VPN)

Answer 21

An encrypted tunnel used to transmit information securely across the Internet

Question 22

Data Loss Prevention (DLP)

Answer 22

A procedure to filter outgoing traffic to prevent confidential information from leaving

Question 23

Digital Signature

Answer 23

A hash encrypted with the creator’s private key

Question 24

Digital Certificate

Answer 24

Used to store an entity’s public key, often found on web sites

Question 25

Data Masking

Answer 25

Replacing real data with fake data

Question 26

Symmetric encryption

Answer 26

An encryption process that uses the same key to both encrypt and decrypt

Question 27

Spam

Answer 27

Unwanted email

Question 28

Plaintext

Answer 28

A document or file that can be read by anyone who accesses it

Question 29

Hashing

Answer 29

A process that transforms a document or file into a fixed length string of data

Question 30

Ciphertext

Answer 30

A document or file that must be decrypted to be read

Question 31

Information Rights Management (IRM)

Answer 31

Software that limits what actions (read, copy, print, etc.) users granted access to a file or document can perform

Question 32

Certificate Authority

Answer 32

A company that issues pairs of public and private keys and verifies the identity of the owner of those keys

Question 33

Non-repudiation

Answer 33

The inability to unilaterally deny having created a document or file or having agreed to perform a transaction

Question 34

Digital Watermark

Answer 34

A secret mark used to identify proprietary information

Question 35

Asymmetric Encryption

Answer 35

An encryption process that uses a pair of matched keys, one public and the other private. Either key can encrypt something, but only the other key in that pair can decrypt it

Question 36

Key Escrow

Answer 36

A copy of an encryption key stored securely to enable decryption if the original encryption key becomes unavailable

Question 37

Business Continuity Plan (BCP)

Answer 37

A plan that describes how to resume business operations after a major calamity, like Hurricane Katrina, that destroys not only an organization’s data center but also its headquarters.

Question 38

Completeness Check

Answer 38

An application control that ensures that a customer’s ship-to address is entered in a sales order.

Question 39

Hash Total

Answer 39

A batch total that does not have any intrinsic meaning.

Question 40

Incremental Daily Backup

Answer 40

A daily backup procedure that copies only the activity that occurred on that particular day.

Question 41

Archive

Answer 41

A file used to store information for long periods of time

Question 42

Field Check

Answer 42

A data-entry application control that could be used to verify that only numeric data is entered into a field.

Question 43

Sign Check

Answer 43

An application control that verifies that the quantity ordered is greater than 0.

Question 44

Cold Site

Answer 44

A disaster recovery plan that contracts for use of an alternate site that is pre-wired for Internet connectivity but has no computing or network equipment

Question 45

Limit Check

Answer 45

An application control that tests whether a customer is 18 or older.

Question 46

Zero-Balance Test

Answer 46

An application control that makes sure an account does not have a balance after processing.

Question 47

Recovery Point Objective (RPO)

Answer 47

The amount of data an organization is willing to re-enter or possibly lose in the event of a disaster

Question 48

Recovery Time Objective (RTO)

Answer 48

A measure of the length of time that an organization is willing to function without its information system.

Question 49

Record Count

Answer 49

A batch total that represents the number of transactions processed.

Question 50

Validity Check

Answer 50

An application control that verifies that an account number entered in a transaction record matches an account number in the related master file.

Question 51

Check Digit Verification

Answer 51

A data-entry application control that verifies the accuracy of an account number by recalculating the last number as a function of the preceding numbers.

Question 52

Closed-Loop Verification

Answer 52

A data-entry application control that displays the value of a data item and asks the user to verify that the system has accessed the correct record.

Question 53

Parity Checking

Answer 53

A control that verifies that all data was transmitted correctly by counting the number of odd or even bits.

Question 54

Reasonable Test

Answer 54

An application control that validates the correctness of one data item in a transaction record by comparing it to the value of another data item in that transaction record.

Question 55

Financial Total

Answer 55

A batch total that represents the total dollar value of a set of transactions.

Question 56

Turnaround Document

Answer 56

A document sent to an external party and subsequently returned so that preprinted data can be scanned rather than manually reentered.