Physical & Information Security

Question 1

Process by which an organization protects the creation, collection, storage, use, transmission and disposal of information.

Answer 1

Information Security

Question 2

Process of verifying the identity of an individual user, machine, software component or any other entity.

Answer 2

Authentication

Question 3

Something a person is, something a person knows or something a person has.

Answer 3

Authentication Factor

Question 4

Method to verify an identity using one type of authentication factor.

Answer 4

Single-Factor Authentication

Question 5

Method to verify an identity using two or more types of authentication factors.

Answer 5

Multifactor Authentication

Question 6

Use of different controls at different points in a transaction process.

Answer 6

Layered Security

Question 7

Name the authentication factor represented by a biometric characteristic, such as a fingerprint or iris pattern.

Answer 7

Something a Person Is

Question 8

Name the authentication factor represented by a password or PIN.

Answer 8

Something a Person Knows

Question 9

Name the authentication factor represented by an ATM/debit card, smart card or token.

Answer 9

Something a Person Has

Question 10

Challenge questions that do not rely on information that is publicly available.

Answer 10

Out-of-Wallet Questions

Question 11

Technique used to establish a “fingerprint identity” of a user’s computer or other web access device.

Answer 11

Device Identification

Question 12

Authentication technique that uses one-time cookies, PC configuration, IP address, geo-location and other factors.

Answer 12

Complex Device Identification

Question 13

A data security technique that encodes information so that data appears as a meaningless string of letters and symbols during delivery or transmission.

Answer 13

Encryption

Question 14

Disposal technique used to destroy sensitive, electronic data on devices by replacing it with new, random data.

Answer 14

Overwriting

Question 15

Disposal technique using powerful, varying magnetic fields to scramble data recorded on media.

Answer 15

Degaussing

Question 16

Two main types of access control.

Answer 16

(1) Physical access control, (2) Logical access control

Question 17

Access control that limits access to buildings, rooms and physical IT assets.

Answer 17

Physical Access Control

Question 18

Access control that limits connections to computer networks, system files and data.

Answer 18

Logical Access Control

Question 19

Security technique used to regulate who or what can view or use resources in a computing environment.

Answer 19

User Access Controls

Question 20

A weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.

Answer 20

Vulnerability

Question 21

Systematic examination of an information system or product to determine the adequacy of security measures and identify security deficiencies.

Answer 21

Vulnerability Analysis

Question 22

Systematic examination of systems to identify, quantify and prioritize the security deficiencies of the systems.

Answer 22

Vulnerability Assessment