Vocab Flashcards

Learn CSSLP related vocab

1
Q

*-property

A

An aspect of the Bell-LaPadula security model that is commonly referred to as the “no-write-down” rule because it doesn’t allow a user to write to a file with a lower security classification, thus preserving confidentiality.

2
Q

3DES

A

Triple DES encryption. Three rounds of DES encryption used to improve security.

3
Q

802.11

A

A family of standards that describe network protocols for wireless devices.

4
Q

802.1X

A

An IEEE standard for performing authentication over networks.

5
Q

Abuse Case

A

A use case built around a work process designed to abuse a normal work process.

6
Q

Acceptance Testing

A

The formal analysis that is done to determine whether a system or software product satisfies its acceptance criteria.

7
Q

AUP, Acceptable Use Policy

A

Acceptable Use Policy. A policy that communicates to users what specific uses of computer resources are permitted.

8
Q

Access

A

A subject's ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.

9
Q

Access Control

A

Mechanisms or methods used to determine what access permissions subjects (such as users) have for specific objects (such as files).

10
Q

Access Control List (ACL)

A

A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has - what they can do to the object (such as read, write, or execute).

11
Q

Active Directory

A

The directory service portion of the Windows operating system that stores information about network-based entities (such as applications, files, printers, and people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.

12
Q

ActiveX

A

A Microsoft technology that facilitates rich internet applications and, therefore, extends and enhances the functionality of Microsoft Internet Explorer. Like Java, ActiveX enables the development of interactive content. When an ActiveX-aware browser encounters a webpage that includes an unsupported feature, it can automatically install the appropriate application so the feature can be used.

13
Q

Address Resolution Protocol (ARP)

A

A protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address.

14
Q

Adware

A

Advertising-supported software that automatically plays, displays or downloads advertisements after the software is installed or while the application is being used.

15
Q

Algorithm

A

A step-by-step procedure – typically an established computation for solving a problem with a set number of steps.

16
Q

Alpha Testing

A

A form of end-to-end testing done prior to product delivery to determine operational and functional issues.

17
Q

Annualized Loss Expectancy (ALE)

A

How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy × annualized rate of occurrence.

18
Q

Annualized Rate of Occurrence (ARO)

A

The frequency with which an event is expected to occur on an annualized basis.

19
Q

Anomaly

A

Something that does not fit into an expected pattern.

20
Q

Application

A

A program or group of programs designed to provide specific user functions, such as a word processor or web server.

21
Q

Asset

A

Resources and information an organization needs to conduct its business.

22
Q

Asymmetric Encryption

A

Also called public key cryptography, this is a system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message: a public key, available to everyone, and a private key, available only to the owner of the key.

23
Q

Attack

A

An action taken against a vulnerability to exploit a system.

24
Q

Attack Surface Analyzer

A

A product from Microsoft designed to enumerate the elements of a system that are subject to attack.

25
Q

Attack Surface Evaluation

A

An examination of the elements of a system that are subject to attack and mitigations that can be applied.