Physical& Information Security (2)

Question 1

Information Security

Answer 1

Process by which an organization protects the creation, collection, storage, use, transmission and disposal of information.

Question 2

Authentication

Answer 2

Process of verifying the identity of an individual user, machine, software component or any other entity.

Question 3

Authentication Factor

Answer 3

Something a person is, something a person knows or something a person has.

Question 4

Single-Factor Authentication

Answer 4

Method to verify an identity using one type of authentication factor.

Question 5

Multifactor Authentication

Answer 5

Method to verify an identity using two or more types of authentication factors.

Question 6

Layered Security

Answer 6

Use of different controls at different points in a transaction process.

Question 7

Something a Person Is

Answer 7

Name the authentication factor represented by a biometric characteristic, such as a fingerprint or iris pattern.

Question 8

Something a Person Knows

Answer 8

Name the authentication factor represented by a password or PIN.

Question 9

Something a Person Has

Answer 9

Name the authentication factor represented by an ATM/debit card, smart card or token.

Question 10

Out-of-Wallet Questions

Answer 10

Challenge questions that do not rely on information that is publicly available.

Question 11

Device Identification

Answer 11

Technique used to establish a “fingerprint identity” of a user’s computer or other web access device.

Question 12

Complex Device Identification

Answer 12

Authentication technique that uses one-time cookies, PC configuration, IP address, geo-location and other factors.

Question 13

Encryption

Answer 13

A data security technique that encodes information so that data appears as a meaningless string of letters and symbols during delivery or transmission.

Question 14

Overwriting

Answer 14

Disposal technique used to destroy sensitive, electronic data on devices by replacing it with new, random data.

Question 15

Degaussing

Answer 15

Disposal technique using powerful, varying magnetic fields to scramble data recorded on media.

Question 16

(1) Physical access control, (2) Logical access control

Answer 16

Two main types of access control.

Question 17

Physical Access Control

Answer 17

Access control that limits access to buildings, rooms and physical IT assets.

Question 18

Logical Access Control

Answer 18

Access control that limits connections to computer networks, system files and data.

Question 19

User Access Controls

Answer 19

Security technique used to regulate who or what can view or use resources in a computing environment.

Question 20

Vulnerability

Answer 20

A weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.

Question 21

Vulnerability Analysis

Answer 21

Systematic examination of an information system or product to determine the adequacy of security measures and identify security deficiencies.

Question 22

Vulnerability Assessment

Answer 22

Systematic examination of systems to identify, quantify and prioritize the security deficiencies of the systems.