P

Question 1

password

Answer 1

A sequence of characters used to prove one’s identity. It is used during a logon process and should be highly protected.

Question 2

payment card industry data security standard (PCI DSS)

Answer 2

An information security standard for organizations that are involved in payment card transactions.

Question 3

penetration

Answer 3

A successful attempt at circumventing security controls and gaining access to a system.

Question 4

penetration testing

Answer 4

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack that a malicious hacker would carry out. This is done so that vulnerabilities and weaknesses can be uncovered.

Question 5

permissions

Answer 5

The type of authorized interactions that a subject can have with an object. Examples include read, write, execute, add, modify, and delete.

Question 6

personnel security

Answer 6

The procedures that are established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances. Procedures confirm a person’s background and provide assurance of necessary trustworthiness.

Question 7

physical controls

Answer 7

Controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls.

Question 8

physical security

Answer 8

Controls and procedures put into place to prevent intruders from physically accessing a system or facility. The controls enforce access control and authorized access.

Question 9

piggyback

Answer 9

Unauthorized access to a system by using another user’s legitimate credentials.

Question 10

plaintext

Answer 10

In cryptography, the original readable text before it is encrypted.

Question 11

playback attack

Answer 11

Capturing data and resending the data at a later time in the hope of tricking the receiving system. This is usually carried out to obtain unauthorized access to specific resources.

Question 12

privacy

Answer 12

A security principle that protects an individual’s information and employs controls to ensure that this information is not disseminated or accessed in an unauthorized manner.

Question 13

procedure

Answer 13

Detailed step-by-step instructions to achieve a certain task, which are used by users, IT staff, operations staff, security members, and others.

Question 14

protection ring

Answer 14

An architecture that provides hierarchies of privileged operation modes of a system, which gives certain access rights to processes that are authorized to operate in that mode. Supports the integrity and confidentiality requirements of multitasking operating systems and enables the operating system to protect itself from user programs and rogue processes.

Question 15

protocol

Answer 15

A set of rules and formats that enables the standardized exchange of information between different systems.

Question 16

pseudo-flaw

Answer 16

An apparent loophole deliberately implanted in an operating system or program as a trap for intruders.

Question 17

public key encryption

Answer 17

A type of encryption that uses two mathematically related keys to encrypt and decrypt messages. The private key is known only to the owner, and the public key is available to anyone.

Question 18

public key infrastructure (PKI)

Answer 18

A framework of programs, procedures, communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely.

Question 19

purge

Answer 19

The removal of sensitive data from a system, storage device, or peripheral device with storage capacity at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data cannot be reconstructed.