Vocab Week 3

Question 1

Clean System

Answer 1

A computer system in which the OS and application system software and files have been freshly installed from trusted software distribution media

Question 2

Configuration Control

Answer 2

Process of regulating changes to hardware, firmware, software, and documentation throughout the development and operational life of a system

Question 3

Daemon

Answer 3

Computer program that is not invoked explicitly but waits until a specified condition occurs, and then runs with o associated user, usually for an administrative purpose

Question 4

Evaluation Assurance Level

Answer 4

Predefined package of assurance components hat represents a point on the common criteria scale for rating confidence in the security of information technology products and systems.

Question 5

handshake

Answer 5

Protocol dialogue between two systems for identifying ad authenticating themselves

Question 6

Harden

Answer 6

To protect a system by configuring it to operate in a way that eliminates of mitigates known variables

Question 7

Legacy System

Answer 7

System in operation hat is in operation but ill not be improved or expanded while a new system is being developed to supersede it

Question 8

Misuse

Answer 8

The intentional use of system resources for other than authorized purposes.

Question 9

POSIX

Answer 9

Portable Operating System Interface for Computer Environments. Defines and OS interface and environment to support application portability at the source code level.

Question 10

Post Office Protocol, Version 3

Answer 10

An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve messages that the serves has received and is holding for the client

Question 11

Repudiation

Answer 11

Denial by a system entity that was involved in an association (especially a communication association that transfers data) of having participated in the relationship.

A type of threat action whereby an entity deceives another by falsely denying responsibility for an act

Question 12

Root

Answer 12

A CA [certification authority] that is directly trusted by an end entity

Question 13

Secure Shell

Answer 13

Protocol for remote login and other secure network services

Question 14

Sandbox

Answer 14

Restricted controlled execution environment that prevents potentially malicious software, such as mobile code from accessing any system resources except those for which the software is authorized.

Question 15

Session

Answer 15

Computer usage. A continuous period of time, usually initiated by a login, during which a user accesses a computer system

Question 16

System Integrity

Answer 16

An attribute of quality “that a system has when it can perform its intended function in a unimpaired manner, free from deliberate or inadvertent unauthorized manipulation

Question 17

System User

Answer 17

a system entity that consumes a product or service provided by the system, or that accesses and employs system resources to produce a product or service of the system

Question 18

Trust

Answer 18

A feeling of certainty either:

a) the system won’t fail
b) system meets specs

Question 19

Trust Level

Answer 19

A characterization of standard of security protection to be met by an information system

Question 20

Trusted Computer System Evaluation Criteria

Answer 20

Standard for evaluation the security provided by OS. Known as the Orange Book because of the color of its cover

Question 21

Trusted Computing Base

Answer 21

The totality of protection mechanisms within a computer system, including hardware, firmware and software, the combination of which is responsible for enforcing a security policy.

Question 22

Trustworthy Systems

Answer 22

System that is not only trusted but also warrants that tryst because the systems behavior can be validated in some convincing way such as through formal analysis or code review

Question 23

Usurpation

Answer 23

and event that results in control of the system services or function by an unauthorized entity. This type of threat consequence can be caused by the following types of threat actions: misappropriation, misuse.

Question 24

Zombie

Answer 24

Internet host computer that has been surreptitiously penetrated by an intruder that installed malicious daemon software to case the host to operate as an accomplice in attacking other hosts, particularly in distributed attacks that attempt denial of service though flooding