Security Operations Domain

Question 1

Identifies any unacceptable deviation from expected behavior based on actual traffic structure

Answer 1

Traffic anomaly-based IDS

Question 2

The science of hiding information

Answer 2

Steganography

Question 3

Analyzes event data by comparing it to typical, known, or predicted traffic profiles in an effort to find potential security breaches

Answer 3

Statistical Anomaly-based IDS

Question 4

Credential cards with one or more microchip processing that accepts or processes information and can be contact or contact less

Answer 4

Smart Cards

Question 5

Accounts used to provide privileged access used by system services and core applications

Answer 5

Service accounts

Question 6

A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation

Answer 6

Security Information and Event Management (SIEM)

Question 7

A form of software virtualization that lets programs and processes run in their own isolated virtual environment

Answer 7

Sandboxing

Question 8

A lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock

Answer 8

Rim Lock

Question 9

The measure of the existing magnetic field on the media after degaussing

Answer 9

Remanence

Question 10

Essential activities to protect business information and can be established in compliance with laws, regulations or corporate governance

Answer 10

Records and Information Management (RIM)

Question 11

Use embedded antenna wires connected to a chip within the card through RF

Answer 11

Proximity Card (Prox Card)

Question 12

Identifies any unacceptable deviation from expected behavior based on known network protocols

Answer 12

Protocol Anomaly-Based IDS

Question 13

Accounts granted greater privileges than normal user accounts when it is necessary for the user to have greater control over the system, but where administrative access is not required

Answer 13

Power Users

Question 14

Consist of a magnetically sensitive strip fused onto the surface of a PVC material, like a credit card

Answer 14

Magnetic Stripe (mag stripe) cards

Question 15

Data that are dynamic and exist in running processes or other volatile locations (e.g, system/device RAM) that disappear in a relatively short time once the system is powered down

Answer 15

Live evidence

Question 16

Two or more honeypots on a network

Answer 16

Honeynet

Question 17

A centralized collection of honeypots and analysis tools

Answer 17

Honeyfarm

Question 18

Decoy servers or systems setup to gather information regarding an attacker or intruder into your system

Answer 18

Honeypot

Question 19

A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity

Answer 19

Intrusion Prevention System (IPS)

Question 20

A technology that alerts organizations to adverse or unwanted activity

Answer 20

Intrusion Detection System (IDS)

Question 21

A focused infrared (IR) light beam is projected from an emitter and bounced off of a reflector that is placed at the other side of the detection area

Answer 21

Infrared Linear Beam Sensors

Question 22

The practice of monitoring and potentially restricting the flow of information outbound from one network to another

Answer 22

Egress filtering

Question 23

A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise

Answer 23

Data Leak Prevention (DLP)

Question 24

A discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems

Answer 24

Configuration Management (CM)

Question 25

A lock controlled by touch screen typically 5 to 10 digits that when pushed in the right combination the lock will relase and allow entry

Answer 25

Cipher Lock

Question 26

The who, what, when, where and how the evidence was handled - from its indentification through its entire life cycle, which ends with destruction, permanent archiving or returning to owner

Answer 26

Chain of Custody

Question 27

Devices that use a magnetic field or mechanical contact to determine if an alarm signal is initiated

Answer 27

Balanced Magnetic Switch (BMS)

Question 28

Accounts that are assigned only to named infividuals that require administrative access to the system to perform maintenance activities and should be different and separate from a user’s normal account

Answer 28

Administrator Accounts

Question 29

Device that uses passive listening devices

Answer 29

Acoustic Sensors

Question 30

States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange

Answer 30

Locard’s exchange principle

Question 31

A lock or latch that is recessed into the edge of a door, rather that being mounted to its surface

Answer 31

Mortise Lock

Question 32

The party to party litigation costs resulting from its breach of warranties

Answer 32

Indemnification

Question 33

Provide a quick way to disable a key by permitting one turn of the master key to change a lock

Answer 33

Instant Keys

Question 34

Send induced radio frequency (RF) signals down a cable that is attached to the fence fabric

Answer 34

Time Domain Reflectometry (TDR)