Vocabulary1 Flashcards

1
Q

availability

A

ensures that information is available when needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

Coaxial

A

network cabling that has an inner copper core separated by an insulatro from a metallic braid or shield

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

live forensics

A

Live forensics Taking a binary image of physical memory, gathering details about running processes, and gathering network connection data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CPPT

A

Continuity Planning Project Team?A team comprised of stakeholders within an organization that focuses on identifying who would need to play a role if a specific emergency event were to occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

IDL

A

Interface Definition Language?Used by CORBA objects to communicate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Constrained user interface

A

Presents a user with limited controls on information, such as an ATM keypad.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Data owner

A

A management employee responsible for ensuring that specific data is protected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

circumstantial evidence

A

evidence that serves to establish the circumstances related to particular points or even other evidence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

BCP

A

business continuity plan: long-term plan to ensure the continuity of business operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

baselining

A

the process of captureing a point-in-time understanding of the current system security configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Database view

A

The result of a database query.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

method

A

Method The function performed by an object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Diffusion

A

The order of the plaintext should be dispersed in the ciphertext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

lumen

A

Lumen The amount of light one candle creates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

honeypot

A

Honeypot A system designed to attract attackers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

circuit-level proxy

A

proxy firewall that operates at layer 5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

COM

A

Component Object Model: locates and connects objects locally

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Decryption

A

Converts a ciphertext into plaintext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Consistency testing

A

See Checklist testing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Artificial Intelligence

A

science of programming electronic computers to “Think” more intelligently, sometimes mimicking the ability of mammal brains

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

background check

A

verification of a persons background and experience; also called pre-employment screening

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

CIRT

A

Computer Incident Response Team: team that performs incident handling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

DSSS

A

Direct Sequence Spread Spectrum?Uses the entire wireless band at once.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

link state

A

Link state Routing protocols that factor in additional metrics for determining the best route, including bandwidth.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

agile software development

A

flexible software development model that eveolved as a reaction to rigid software development modes such as the waterfall model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Coupling

A

OOP concept that connects objects to others; highly coupled objects have low cohesion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

entitlements

A

Entitlements The permissions granted to a user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

knowledge base

A

Knowledge base Expert system component that consists of ?if/then? statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

mesh

A

Mesh Physical network topology that interconnects network nodes to each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

bottom-up programming

A

starts with lo-level technical implementation details and works up to the concept of the completed program

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

ad hoc mode

A

802.11 peer-to-peer mode with no central AP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

graham-denning model

A

Graham?Denning model Has three parts: objects, subjects, and rules; it provides a more granular approach for interaction between subjects and objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

entrapment

A

Entrapment A legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

genetic programming

A

Genetic programming Creating entire software programs (usually in the form of Lisp source code) via Darwinian evolution principles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

authorization

A

actions an individual can perform on a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

lattice-based access controls

A

Lattice-based access controls Nondiscretionary access control with defined upper and lower bounds implemented by the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Black box software testing

A

gives the tester no internal details; the software is treated as a black box that receives inputs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Caller ID

A

identifies the calling phone number; sometimes used as a weak authentication method

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

FDDI

A

FDDI Fiber Distributed Data Interface?Legacy LAB technology that uses light.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

E3

A

16 E1s.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

fitness function

A

Fitness function Genetic algorithm concept that assigns a score to an evolved algorithm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Control unit

A

CPU component that acts as a traffic cop, sending instructions to the ALU.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

EAP-FAST

A

EAP?Flexible Authentication via Secure Tunneling?Designed by Cisco to replace LEAP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

802.11i

A

first 802.11 wireless security standard that provides reasonable security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

DAD

A

Disclosure, Alteration, and Destruction?The opposite of confidentiality, integrity, and availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

entity integrity

A

Entity integrity Requires that each tuple has a unique primary key that is not null.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

bluetooth

A

802.15 networking, a PAN wireless technology

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Depth of field

A

The area that is in focus.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Binary image

A

bit-level copy of memory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

DAC

A

Discretionary Access Control?Gives subjects full control of objects they have been given access to, including sharing the objects with other subjects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

bytecode

A

machine-indecednet interpreted code, used by Java

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

ARM

A

asynchronous Response Mode: HDLC mode where secondary nodes may initiate communication with the primary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

baseline

A

uniform ways to implement a safeguard; an administrative control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Data warehouse

A

A large collection of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Database

A

A structured collection of related data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

full disclosure

A

Full disclosure The controversial practice of releasing vulnerability details publicly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

combinatorial software testing

A

black box testing method that seeks to identify and test all unique combinations of software inputs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

DCE

A

Data Circuit-Terminating Equipment?A device that networks DTEs, such as a router.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

BGP

A

Border Gateway Protocol: routing protocol used on the internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

MPLS

A

MPLS Multiprotocol Label Switching?Provides a way to forward WAN data via labels.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

facial scan

A

Facial scan Biometric control compares a picture of a face to pictures stored in a database.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Impact

A

The severity of damage, sometimes expressed in dollars (value).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Dictionary attack

A

Password cracking method that uses a predefined list of words, like a dictionary, running each word through a hash algorithm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

ADSL

A

Asymmetric Digital Subscriber Line–DSL featuring faster download speeds than upload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

COBIT

A

Control Objectives for Information and Related Technology: a control framework for employing information security governance best practices w/in an org

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

genetic algorithms

A

Genetic algorithms Creating computer algorithms via Darwinian evolution principles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

IKE

A

Internet Key Exchange?Manages the IPsec encryption algorithm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Diskless workstation

A

Computer systems that contains CPU, memory, and firmware but no hard drive; type of thin client.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

DNS

A

Domain Name System?A distributed global hierarchical database that translates names to IP addresses, and vice versa.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Copyright

A

Type of intellectual property that protects the form of expression in artistic, musical, or literary works.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

IPv6 autoconfiguration

A

IPv6 autoconfiguration Autoconfiguration of a unique IPv6 address, omitting the need for static addressing or DHCP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

clipper chip

A

(failed) 1993 Escrowed Encryption Standard (EES) which used the skipjack algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Direct evidence

A

Testimony provided by a witness regarding what the witness actually experienced.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Context-dependent access control

A

Adds additional criteria beyond identification and authentication; the context of the access, such as time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

IGP

A

Interior Gateway Protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

mirroring

A

Mirroring Complete duplication of data to another disk, used by some levels of RAID.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

ARPAnet

A

predecessor to the Internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Clearance

A

determinateino, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

fraggle attack

A

Fraggle attack Smurf attack variation that uses UDP instead of ICMP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

MAC (Access Control)

A

MAC (access control) Mandatory Access Control?System-enforced access control based on subjects? clearances and objects? labels.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Bell-LaPadula

A

security model focused on maintaining the confidentiality of objects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Distance vector

A

Routing protocol that uses a simple metric, such as hop count.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

minutiae

A

Minutiae Specific fingerprint details that include whorls, ridges, bifurcation, and others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

CCM

A

Capability maturity model: maturity framework for evaluating and improving the software development process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

DDL

A

Data Definition Language?Used to create, modify, and delete tables.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Develop the contingency planning policy statement.

A

First step of the NIST SP 800?34 contingency planning process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

hebern machines

A

Hebern machines Class of cryptographic devices known as rotor machines, includes Enigma and SIGABA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Diffie?Hellman key agreement protocol

A

Key agreement that allows two parties to securely agree on a symmetric key via a public channel with no prior key exchange.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Contraband check

A

Seeks to identify objects that are prohibited from entering a secure perimeter (such as an airplane).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

hacktivist

A

Hacktivist Hacker activist; someone who attacks computer systems for political reasons.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

authroization creep

A

occurs when employees not only maintain old access rights but also gain new ones as they move from one division to another within an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

asymmetric encryption

A

encryption that uses 2 keys–one to encrypt, one to decrypt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Ethics

A

Ethics Doing what is morally right.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Integration Testing

A

Integration testing Testing multiple software components as they are combined into a working system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

HDLC

A

HDLC High-Level Data Link Control?The successor to SDLC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

Callback

A

modem-based authentication system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

application layer proxy

A

proxy firewall that operates up to layer 7

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

lock picking

A

Lock picking The art of unlocking a lock without a key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

“Bad” blocks/clusters/sectors

A

good disk blocks marked as bad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

buffer overflow

A

condition where an attacker can insert data beyond the end of a buffer variable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Hierarchical database

A

Hierarchical database Database that forms a tree.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

AES

A

Advanced Encryption Standard: block cipher using 128- 192- or 256-bit keys to encrypt 129-bit blocks of data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

CPU

A

Central Processing Unit?The ?brains? of the computer, capable of controlling and performing mathematical calculations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

color of law

A

acting on the authority of law enforcement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

administrative Controls

A

implemented by creating and following organizational policy, procedure, or regulation; also called directive controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

BS-25999

A

continuity standard by the British Standards Institute

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

book cipher

A

cyptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Conduct the Business impact Analysis (BIA)

A

second step of NIST SP 800-34 contingency planning process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Defense in depth

A

Application of multiple safeguards that span multiple domains to protect an asset.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Heresay

A

Hearsay Second-hand evidence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Degaussing

A

Destroying the integrity of the magnetization of the storage media, making the data unrecoverable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

Data link layer

A

Layer 2 of the OSI model; handles access to the physical layer as well as local area network communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

IPv6

A

IPv6 Internet Protocol version 6, the successor to IPv4?IPv6 features far larger address space, simpler routing, and simpler address assignment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

first sale doctrine

A

First sale doctrine Allows a legitimate purchaser of copyrighted material to sell it to another person.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Inheritance

A

Inheritance Objects inherit capabilities from their parent class.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

BCP/DRP project manager

A

the key POC for ensuring that a BCP/DRP is not only completed but routinely tested

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

CHAP

A

challenge Handshake Authentication Protocol: a more secure network authentication protocol that uses a shared secret

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

FDE

A

FDE Full Disk Encryption?Also called whole disk encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

hubrid attack

A

Hybrid attack Password attack that appends, prepends, or changes characters in words from a dictionary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

flash memory

A

Flash memory A specific type of EEPROM, used for small portable disk drives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

full backup

A

Full backup An archive of all files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

fiber optic network cable

A

Fiber optic network cable Uses light to carry information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

footcandle

A

Footcandle One lumen per square foot.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

MTTR

A

MTTR Mean Time to Repair?Describes how long it will take to recover a failed system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

CSIRT

A

Computer Security Incident Response Team?The group that is tasked with monitoring, identifying, and responding to security incidents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Cipher

A

a cryptographic algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

enrollment

A

Enrollment The process of enrolling with a system (such as a biometric authentication system), creating an account for the first time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

GAN

A

GAN Global Area Network?A global collection of WANs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

legal liability

A

Legal liability Liability enforced through civil law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

compartmentalization

A

technical enforcement of need to know

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Cryptography

A

Science of creating messages whose meaning is hidden.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

analog

A

communication that sends a continuous wave of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

Cohesion

A

OOP concept that describes an independent object; objects with high cohesion have low coupling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

DES

A

Data Encryption Standard?A symmetric block cipher using a 56-bit key and 64-bit block size.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

* Integrity Axiom

A

* Integrity axiom Biba property that states ?no write up.?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

Cryptographic protocol governance

A

Describes the process of selecting the right cipher and implementation for the right job.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

EF

A

Exposure Factor?The percentage of value an asset lost due to an incident.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

CMP

A

crisis management plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

IDS

A

Intrusion Detection System?A detective technical control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

ISAKMP

A

ISAKMP Internet Security Association and Key Management Protocol?Manages the IPsec Security Association process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

confidentiality

A

seeks to prevent the unauthorized disclosure of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

full knowledge

A

Full knowledge test A penetration test where the tester is provided with inside information at the start of the test.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Clark-Wilson model

A

real-world integrity model that protects integrity by having subjects access objects via programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

bridge

A

layer 2 device that has two ports and connnects network segments together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

Interpreted code

A

Interpreted code Code that is compiled on the fly each time the program is run.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

MAN

A

MAN Metropolitan Area Network?Typically confined to a city, a Zip Code, or a campus or office park.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

Biba

A

security model focused on maintaining the integrity of objects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

COOP

A

Continuity Of Operations Plan?A plan to maintain operations during a disaster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

Diameter

A

Successor to RADIUS; designed to provide an improved authentication, authorization, and accounting (AAA) framework.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

boot sector virus

A

virus that infects the boot sector of a PC; the virus loads upon system startup

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

hash function

A

Hash Function One-way encryption using an algorithm and no key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

ANN

A

artificial Neural Networks: networks that simulate neural networks found in humans and animals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

HIDS

A

HIDS Host-based intrusion detection system?A detective technical control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

MIC

A

MIC Message Integrity Check?Integrity protocol used by WPA2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

MODEM

A

Modem Modulator/demodulator?Takes binary data and modulates it into analog sound that can be carried on phone networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

collection limitation principle

A

OECD privacy guideline principle that states that personal data collection should have limits and that data should be obtained in a lawful manner with the individuals knowledge and approval

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

hot site

A

Hot site A backup site with all necessary hardware and critical applications data mirrored in real time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

Inference Engine

A

Inference engine Expert system component that follows the tree formed by the knowledge base and fires a rule when there is a match.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

CORBA

A

Common Object Request Broker Architecture?An open, vendor-neutral networked object broker framework.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

monolithic

A

Monolithic kernel A statically compiled kernel.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

EGP

A

Exterior Gateway Protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

Active-active cluster

A

involves multiple systems, all of which are online and actively processing traffic or data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

Differential backup

A

An archive of any files that have been changed since the last full backup was performed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

keyboard

A

Keyboard unit The external keyboard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

ABM

A

Asynchronous Balanced Mode: HDLC combined mode where nodes may asct as primary or secondary initiaint transmissions w/o receiving permission

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

BRP

A

business recovery plan: details steps required to restore normal business operations after recovering from a disruptive event. Aka business resumption plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

IRC

A

IRC Internet Relay Chat?A global network of chat servers and clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

Bayesian filtering

A

uses mathematicla formulas to assign probabilities to make decisions such as identifying spam

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

Covert channe

A

l Any communication that violates security policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

DSL

A

Digital Subscriber Line?Uses existing copper pairs to provide digital service to homes and small offices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

MTU

A

MTU Maximum Transmission Unit?The maximum PDU size on a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

802.11b

A

Wireless standard 11 Mbps 2.4 GHz

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

MTD

A

MTD Maximum Tolerable Downtime?The total time a system can be inoperable before an organization is severely impacted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

CIRP

A

Cypber Incident Response Plan: plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan Horses, etc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

Dynamic password

A

Password that changes at regular intervals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

IP

A

IP Internet Protocol; includes IPv4 and IPv6.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

ISO/IEC-27031

A

ISO/IEC-27031 Draft business continuity guideline that is part of the ISO 27000 series.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

MAC (telecommunications)

A

MAC (telecommunications) Media Access Control?Layer 2 protocol that transfers data to and from the physical layer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

commandments of computer ethics

A

the computer ethics institute code of ethics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

Chinese wall model

A

model designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessinng multiple conflight of Interest categories

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

Database replication

A

Mirrors a live database, allowing simultaneous reads and writes to multiple replicated databases by clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

exfiltration

A

Exfiltration Policy-violating removal of sensitive data from a secure perimeter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

ECPA

A

Electronic Communications Privacy Act?Provides search and seizure protection to non-telephony electronic communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

magnetic stripe card

A

Magnetic stripe card Passive device that contains no circuits; sometimes called swipe cards because they are swiped through a card reader.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

baseband

A

network with one channel; can only send one signal at a time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

ARCNET

A

attached Resource Computer Network: legacy LAN technology that uses tokens

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

Chaining

A

Block cipher mechanism that seeds the previous encrypted block into the next block to be encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
140
Q

Civil Law

A

law that resolves disputes between individuals or organizations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
141
Q

Internet Layer

A

Internet layer TCP/IP model layer that aligns with the Layer 3 of the OSI model and describes IP addresses and routing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
143
Q

CIDR

A

Classless Inter-Domain Routing: allows for many network sizes beyond the arbitraty stateful network sizes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
144
Q

BCI

A

business Continuity Institute

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
145
Q

MOR

A

MOR Minimum Operating Requirements?Describes the minimum environmental and connectivity requirements in order to operate computer equipment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
146
Q

layering

A

Layering Separates hardware and software functionality into modular tiers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
147
Q

EOC

A

EOC Emergency Operations Center?The command post established during or just after an emergency event.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
148
Q

CSU/DSU

A

Channel Service Unit/Data Service Unit?DCE device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
149
Q

Agents of law enforcement

A

private citizens carrying out actions on behalf of law enforcement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
150
Q

high availability cluster

A

High availability cluster Multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided; also called a failover cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
152
Q

COCOM

A

committee for multilateral export control: munitiions law that was in effect from ‘47-‘94. Designed to control export of criticial technologies (including crypto) to Iron Curtain countries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
153
Q

Executive Session planning

A

Executive succession planning Determining an organization?s line of succession.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
154
Q

CSRF

A

Cross-Site Request Forgery?Third-party redirect of static content within the security context of a trusted site.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
155
Q

encapsulation (network)

A

Encapsulation (network) Takes information from a higher network layer and adds a header to it, treating the higher layer information as data.

156
Q

faraday cage

A

Faraday cage Shields enclosing objects from EMI.

158
Q

configuration management

A

process of developing a consistnet system security confiruration that can be leveraged throughout an organization

158
Q

ITIL

A

ITIL Information Technology Infrastructure Library?A framework for providing best services in IT service management.

159
Q

maintenance hook

A

Maintenance hook Shortcut installed by system designers and programmers to allow developers to bypass normal system checks during development.

160
Q

feedback

A

Feedback Stream cipher mechanism that seeds the previous encrypted bit into the next bit to be encrypted.

162
Q

Criminal law

A

Law where the victim can be seen as society itself.

164
Q

Define the classes of gates

A

I: residential gate designed for home use II: commercial, such as a parking garage gate III: Industril/limited access such as a large loading dock IV: Restrictued access such as prison or airport

164
Q

L2F

A

L2F Layer 2 Forwarding?Designed to tunnel PPP.

166
Q

botnet

A

central bot command and control network managed by humans referred to as bot herders

167
Q

ACL

A

Access control list

168
Q

EAPOL

A

EAP Over LAN?A Layer 2 protocol for varying EAP.

170
Q

clipping level

A

minimum reporting threshold level

170
Q

L2TP

A

L2TP Layer 2 Tunneling Protocol?Combines PPTP and L2F.

172
Q

Access control matrix

A

table defining what access permissions exist between specific subjects and objects

173
Q

Computer bus

A

primary communication channel on a computer system

174
Q

802.11g

A

Wireless standard 54 Mbps 2.4 GHz

175
Q

DBA

A

Database Administrator?Person responsible for the installation, configuration, upgrade, administration, monitoring, and maintenance of databases.

176
Q

Code of Ethics Canons

A
    1. Act honorably, honestly, justly, responsibly, and legally 3. 4. Advance and protect the profession
178
Q

Change managemnt

A

the process of understanding, communicazting, and documenting changes

179
Q

Customary law

A

Customs or practices that are so commonly accepted by a group that the custom is treated as a law.

180
Q

ACK

A

TCP flag–acknowledge received data

181
Q

compiler

A

converts source code, suce as C or Basic, and compiles it into machine code

182
Q

Identification

A

Association of an individual.

183
Q

hypervisor mode

A

Hypervisor mode Allows guests to operate in ring 0, controlled by a hypervisor in ring ??1.?

183
Q

mandatory leave

A

Mandatory leave Forcing staff to take vacation or time away from the office; also known as forced vacation.

184
Q

Initial

A

Initial Phase 1 of CMM.

185
Q

Eradication

A

Eradication phase Incident response phase that cleans a compromised system.

187
Q

Data mining

A

Used to search for patterns, such as fraudulent activity, in a data warehouse.

189
Q

awareness

A

security control designeed to change user behavior

190
Q

expert systems

A

Expert systems Seeks to replicate the knowledge and decision-making capability of human experts.

191
Q

administrative law

A

law enacted by gov’t agencies, aka regulatory law

192
Q

FTP

A

FTP File Transfer Protocol?Used to transfer files to and from servers.

194
Q

common criteria

A

an internatinoally agreed upon standard for describing and testing the security of IT products

195
Q

attribute

A

a column in a relational database table

195
Q

EAP-TLS

A

EAP?Transport Layer Security?Uses PKI, requiring both server-side and client-side certificates.

196
Q

GFS

A

GFS Grandfather?Father?Son?A backup rotation method.

197
Q

Iris Scan

A

Iris scan Passive biometric scan of the iris (colored portion of the eye).

198
Q

EAP Extensible Authentication Protocol

A

?A Layer 2 authentication framework that describes many specific authentication protocols.

198
Q

emanations energy

A

Emanations Energy that escapes an electronic system and may be remotely monitored under certain circumstances.

199
Q

enticement

A

Enticement Making the conditions for commission of a crime favorable for those already intent on breaking the law.

201
Q

ALU

A

arithmetic logic unit: CPU component that performs mathematical calculations

203
Q

Best practice

A

a consensus of the best way to protect the confidentiality, integrity, and availability of assets

204
Q

CBC

A

cipher Block Chaining: a block mode of DS that XORs the previous encrypted block of ciphertext to the next block ofplaintext to be encrypted

205
Q

Data dictionary

A

Contains a description of the database tables, including the schema, database view information, and information about authorized database administrator and user accounts.

206
Q

Due diligence

A

The management of due care.

206
Q

hacker

A

Hacker Controversial term that may mean explorer or someone who maliciously attacks systems.

207
Q

managed mode

A

Managed mode 802.11 mode that clients use to connect to an AP.

208
Q

Integrity

A

Integrity Seeks to prevent unauthorized modification of information.

209
Q

Machine code

A

Machine code Software that is executed directly by the CPU.

210
Q

Ethernet

A

Ethernet Dominant local area networking technology that transmits network data via frames.

211
Q

Keyboard dynamics

A

Keyboard dynamics Biometric control that refers to how hard a person presses each key and the rhythm by which the keys are pressed.

213
Q

allocated space

A

portions of a disk partition that are marked as actively containing data

213
Q

Due care

A

Requires that key organizational stakeholders are prudent in carrying out their duties, aka the ?prudent man rule.?

214
Q

backdoor

A

a shortcut in a systme that allows a user to bypass security checks

216
Q

Cryptology

A

The science of secure communications.

217
Q

Cipher Disk

A

cryptographic device that uses two concentric disks, each with an alphabet around the periphery

218
Q

HAVAL

A

HAVAL Hash of Variable Length?A hash algorithm that creates message digests of 128, 160, 192, 224, or 256 bits in length using three, four, or five rounds.

219
Q

Enigma

A

Enigma Rotor machine used by German Axis powers during World War II.

220
Q

half duplex

A

Half duplex Sends or receives at one time only (not simultaneously), like a walkie-talkie.

221
Q

broadband

A

network with multiple channles; can send multiple signals at a time, like cable tv

223
Q

client-side attaks

A

attack where a user downloads malicious content

224
Q

Intellectual property

A

Intellectual property Intangible property that resulted from a creative act.

225
Q

ISM

A

ISM Industrial, Scientific, and Medical?Wireless bands set aside for unlicensed use.

226
Q

bollard

A

post designed to stop a car, typically deployed in front of buildings

227
Q

EPROM

A

EPROM Erasable programmable read-only memory?Memory that may be erased with ultraviolet light.

228
Q

HTTPS

A

HTTPS Hypertext Transfer Protocol Secure?HTTP using SSL or TLS.

229
Q

lock bumping

A

Lock bumping Attack on locks using a shaved key, which bumps the pins, allowing the lock to turn.

231
Q

Digital

A

Communication that transfers data in bits: ones and zeroes.

232
Q

CISC

A

Complex Instruction Set Computer: CPU instructions that are longer and more powerful

233
Q

Kerberos

A

Kerberos A third-party authentication service that may be used to support single sign-on.

234
Q

microkernels

A

Microkernels A modular kernel.

236
Q

compensatory damages

A

damages provides as compensation

237
Q

LCP

A

LCP Link Control Protocol?The initial unauthenticated connection used by CHAP.

238
Q

DBMS

A

Database Management System?Controls all access to the database and enforces database security.

238
Q

Directory path traversal

A

Escaping from the root of a Web server (such as /var/www) into the regular file system by referencing directories such as ?../..?.

238
Q

E1

A

Dedicated 2.048-megabit circuit that carries 30 channels.

238
Q

Identify preventive controls

A

Third step of the NIST SP 800?34 contingency planning process.

240
Q

accreditation

A

the data owner’s acceptance of the risk represented by a system

240
Q

Computer Fraud and Abuse Act

A

title 18 US Code Section 1030

241
Q

Dual-homed host

A

Host with two network interfaces: one connected to a trusted network, and the other connected to an untrusted network.

242
Q

harrison-ruzzo-ullman model

A

Harrison?Ruzzo?Ullman model Maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham?Denning model.

243
Q

Instance

A

Instance One copy of an object.

244
Q

Cable Modem

A

provide internet access via broadband cable TV

245
Q

Hold down timer

A

Hold-down timer Distance vector routing protocol safeguard that avoids flapping.

247
Q

Cryptanalysis

A

The science of breaking encrypted messages (recovering their meaning).

248
Q

Individual participation principle

A

OECD privacy guideline principle that states that individuals should have control over their data.

249
Q

Crossover

A

Genetic algorithm concept that combines two algorithms.

250
Q

Cybersquatting

A

Registering Internet domain names associated with another organization?s intellectual property.

251
Q

collusion

A

an agreement betweeen two or more individuals to subvert the security of a system

252
Q

hardcopy data

A

Hardcopy data Any data that is accessed through reading or writing on paper rather than processing through a computer system.

253
Q

monoalphabetic

A

Monoalphabetic cipher Substitution cipher using one alphabet.

254
Q

cold site

A

back up site with raised floor, power, utilities, and phyusical security and no configured systems or data

254
Q

Field of view

A

Field of view The entire area viewed by a camera.

255
Q

Caesar Cipher

A

a Rot-3 substitution cipher

255
Q

Ciphertext

A

an encrypted message

256
Q

EU Data Protection Directive

A

EU Data Protection Directive Privacy directive that allows for the free flow of information while still maintaining consistent protections of each member nation?s citizen?s data.

257
Q

DCOM

A

Distributed Component Object Model?Locates and connects objects across a network.

258
Q

KDC

A

KDC Key Distribution Center?A Kerberos service that authenticates principals.

259
Q

firewall

A

Firewall Device that filters traffic based on Layer 3 (IP addresses) and Layer 4 (ports).

261
Q

All pairs testing

A

aka pairwise testing

261
Q

broadcast

A

traffic that is sent to all stations on a LAN

262
Q

CSMA

A

Carrier Sense Multiple Access?A method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions.

263
Q

Develop an IT contingency plan

A

. Fifth step of the NIST SP 800?34 contingency planning process.

264
Q

GIG

A

GIG Global Information Grid?The U.S. DoD global network, one of the largest private networks in the world.

265
Q

asset

A

a resource that is valuable to an organization and must be protected

266
Q

Detective controls

A

Controls that alert during or after a successful attack.

268
Q

CCMP

A

Counter Mode CBC MAC protocol: used by WPA2 to create a MIC

270
Q

closed source

A

software released in executable form; the source code is kept confidential

271
Q

multicast

A

Multicast One-to-many network traffic, where the ?many? is preselected.

272
Q

encapsulation (object)

A

Encapsulation (object) Contains and hides the details of an object?s method.

273
Q

Application Layer

A

layer 7 of OSI model: where the user interfaces with the computer application – OR – TCP/IP model that combines layer 5-7 of OSI model

275
Q

Chain of Custody

A

requires that, once evidence is acquired, full documentation be maintained regarding what the evidence is, who handled the evidence, when the evidence was handled, and where the evidence was handled

276
Q

ephemeral

A

Ephemeral ports TCP/IP ports 1024 and higher.

277
Q

encryption

A

Encryption Converts the plaintext to a ciphertext.

278
Q

LAN

A

LAN Local Area Network?A comparatively small network, typically confined to a building or an area within one.

279
Q

hybrid risk analysis

A

Hybrid risk analysis Combines quantitative and qualitative risk analysis.

281
Q

Deadbolt

A

A rigid locking mechanism that is held in place by a key and prevents a door from being opened or fully closed when extended.

283
Q

blowfish

A

block cipher using from 32- through 448-bit (default is 128) keys to encypt 64 bits of data

284
Q

ECB

A

Electronic Code Book mode?The simplest and weakest mode of DES.

285
Q

common law

A

legal system that places significant emphasis on particular cases and judicial precedent as a determinant of laws

285
Q

Deterrent controls

A

Controls that deter users from performing actions on a system.

286
Q

malware

A

Malware Malicious software, or any type of software that attacks an application or system.

287
Q

Develop recovery strategies

A

. Fourth step of the NIST SP 800?34 contingency planning process.

288
Q

FRR

A

FRR False Reject Rate?Occurs when an authorized subject is rejected as invalid; also known as a type I error.

290
Q

Abstraction

A

hide unnecessary details from the user

292
Q

extranet

A

Extranet A connection between private Intranets.

293
Q

MD5

A

MD5 Message Digest 5?A hash function that creates a 128-bit message digest.

295
Q

CCTV

A

Closed-Circuit TV: a detective device used to aid guards in detecting the presence of intruders in restricted areas

296
Q

Cracker

A

A black hat hacker.

298
Q

bus

A

physical network topology that connects network nodes in a string

298
Q

CASE

A

computer Aided Software Engineering: uses programs to assist in the creation and maintenance of other ocmputer programs

299
Q

ESP

A

ESP Encapsulating Security Payload?IPsec protocol that primarily provides confidentiality by encrypting packet data.

301
Q

FIdM

A

FIdM Federated Identity Management?Applies single sign-on at a much wider scale, ranging from cross-organization to Internet scale.

302
Q

ATM

A

asynchronous Transfer Mode: WAN technology that uses fixed length cells

304
Q

CWR

A

Congestion Window Reduced?New TCP flag.

305
Q

HMAC

A

HMAC Hashed Message Authentication Code?Provides integrity by combining symmetric encryption with hashing.

305
Q

IMAP

A

Internet Message Access Protocol?An email client protocol.

305
Q

Intranet

A

Intranet A privately owned network running TCP/IP.

307
Q

Differential cryptanalysis

A

Seeks to find the difference between related plaintexts that are encrypted.

308
Q

ARO

A

Annual Rate of Occurrence: the numgber of losses suffered per year

309
Q

802.11n

A

wireless standard 144 Mbps 2.4/5 GHz

310
Q

Ipsec

A

IPsec Internet Protocol Security?A suite of protocols that provide a cryptographic layer to both IPv4 and IPv6.

311
Q

HIPAA

A

HIPAA Health Insurance Portability and Accountability Act?U.S. regulation that protects the privacy of healthcare information.

313
Q

BRI

A

basic Rate interface: provides 2 64-K digital ISDN channels

315
Q

Certificate Authority

A

PKI component that authenticatews the identity of a person or organization before issuring a certificate to them

316
Q

FHSS

A

FHSS Frequency Hopping Spread Spectrum?Uses a number of small-frequency channels throughout the wireless band and ?hops? through them in pseudorandom order.

318
Q

firmware

A

Firmware Stores small programs that do not change frequently, such as a computer?s BIOS.

319
Q

collision

A

two or more plaintexts that share the same hash

320
Q

Dumpster diving

A

A physical attack in which a person recovers trash in hopes of finding sensitive information that has been merely discarded in whole rather than being destroyed.

321
Q

black hat

A

unethical hacker or researcher

323
Q

DNS reflection attack

A

Spoofed DoS attack using third-party DNS servers.

324
Q

ITSEC

A

ITSEC Information Technology Security Evaluation Criteria?The first successful international evaluation model.

325
Q

Classful addresses

A

Ipv4 networks in classes A through E

327
Q

4GL

A

Fourth generation programming language designed to increase programmer’s efficiency by automating the cation of computer programming code

328
Q

DRAM

A

Dynamic Random Access Memory?Stores bits in small capacitors (like small batteries); less expensive but slower than SRAM.

328
Q

Dynamic signatures

A

Biometric control that measures the process by which someone signs his or her name.

330
Q

Bot

A

computer system running malware that is controlled by a botnet

332
Q

Detection phase

A

Incident response phase that analyzes events in order to determine whether they might comprise a security incident.

333
Q

802.1x

A

port-based network access control, layer 2 authentication

334
Q

DoS

A

Denial of Service?An attack on availability.

336
Q

DDoS

A

Distributed Denial of Service?An availability attack using many systems.

338
Q

Disassembler

A

Attempts to convert machine language into assembly.

339
Q

ECE

A

Explicit Congestion Notification Echo?New TCP flag.

340
Q

DARPA

A

Defense Advanced Research Projects Agency.

341
Q

CRL

A

Certificate Revocation List?PKI component that lists digital certificates that have been revoked.

342
Q

EULA

A

EULA End-User License Agreement?A form of software licensing agreement.

343
Q

logic bomb

A

Logic bomb A malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date.

345
Q

Electronic backups

A

Electronic backups Data that is stored electronically and can be retrieved in case of a disruptive event or disaster.

347
Q

gross negligence

A

Gross negligence The opposite of due care.

348
Q

Digital signature

A

Provides non-repudiation, which includes authentication of the identity of the signer and proof of the document?s integrity.

349
Q

ISO 17799

A

ISO 17799 A broad-based approach for information security code of practice by the International Organization for Standardization.

350
Q

Centralized Access Control

A

concentrates access control in one logicla point for a system or crossover

351
Q

MTBF

A

MTBF Mean Time Between Failures?Quantifies how long a new or repaired system will run on average before failing.

352
Q

Demarc

A

Demarcation point, where the ISP?s responsibility ends and the customer?s begins.

353
Q

CCD

A

Charge-Coupled Discharge: a digital CCTV

354
Q

microwave motion detector

A

Microwave motion detector Active motion detector that uses microwave energy.

356
Q

DNSSEC

A

Domain Name Server Security Extensions?Provides authentication and integrity to DNS responses via the use of public key encryption.

356
Q

FAR

A

FAR False Accept Rate?Occurs when an unauthorized subject is accepted as valid; also known as a type II error.

357
Q

Key lock

A

Key lock Preventive device that requires a physical key to unlock.

359
Q

confusion

A

the relationship between the plaintext and ciphertext should be confused (or random) as possible

360
Q

Data quality principle

A

OECD privacy guideline principle that states that personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection.

361
Q

DTE/DCE

A

Connection that spans the demarc.

363
Q

DRP

A

Disaster Recovery Plan?A short-term plan to recover from a disruptive event.

365
Q

CTR

A

Counter?A stream mode of DES that uses a counter for feedback.

366
Q

BOOTP

A

Bootstrap Protocol: used for bootstrapping via a nweork by diskless systems

367
Q

account lockout

A

disables an account after a set number of failed logins, sometimes during a specific time period

368
Q

Database journal

A

A log of all database transactions; should a database become corrupted, the database can be reverted to a backup copy, and then subsequent transactions can be ?replayed? from the journal, restoring database integrity.

369
Q

flat file

A

Flat file Text file that contains multiple lines of data, each in a standard format.

370
Q

HTTP

A

HTTP Hypertext Transfer Protocol?A protocol to transmit Web data via a network.

371
Q

Crippleware

A

Partially functioning proprietary software, often with key features disabled; the user is typically required to make a payment to unlock the full functionality.

372
Q

assembly language

A

low-level computer programming language with instrucctionst hat are short mnemonics that match to machine language instructions

372
Q

modes of operation

A

Modes of operation Dedicated, system-high, compartmented, and multilevel.

373
Q

Content-dependent access control

A

Adds additional criteria beyond identification and authentication; the actual content the subject is attempting to access.

374
Q

exigent circumstances

A

Exigent circumstances With respect to evidence acquisition, justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed.

375
Q

authentication

A

proof of an identity claim

376
Q

Certification

A

a detailed inspection that verifies whether a system meets the documented security requirements

377
Q

foreign key

A

Foreign key A key in a related database table that matches a primary key in the parent database.

378
Q

EAP-TTLS

A

EAP Tunneled Transport Layer Security?Simplifies EAP-TLS by dropping the client-side certificate requirement.

379
Q

business interruption testing

A

partial or complete failover to an alternate site

380
Q

DTE

A

Data Terminal Equipment?A network ?terminal,? such as a desktop, server, or actual terminal.

382
Q

freeware

A

Freeware Software that is free of charge.

384
Q

compensating controls

A

additional security controls put in place to compensate for weaknesses in other controls

385
Q

mobile sites

A

Mobile sites DRP backup site option that is a ?data centers on wheels,? towable trailers that contain racks of computer equipment, as well as HVAC, fire suppression, and physical security.

386
Q

Kernel

A

Kernel The heart of the operating system, usually running in ring 0; it provides the interface between hardware and the rest of the operating system, including applications.

387
Q

IaaS

A

IaaS Infrastructure As A Service?Provides an entire virtualized operating system, which the customer configures from the OS on up.

389
Q

hypervisor

A

Hypervisor Software or operating system that controls access between virtual guests and host hardware.

390
Q

monitor mode

A

Monitor mode 802.11 read-only mode used for sniffing.

391
Q

antivirus software

A

software desinged to prevent and detect malware infections

392
Q

formal access approval

A

Formal access approval Documented approval from the data owner for a subject to access certain objects.

393
Q

DML

A

Data Manipulation Language?Used to query and update data stored in the tables.

394
Q

lux

A

Lux One lumen per square meter.

396
Q

circuit-switched network

A

network that provides a dedicated circuit or channel between two nodes

398
Q

HDSL

A

HDSL High-Data-Rate DSL?Matches SDSL speeds using two copper pairs.

399
Q

Corroborative evidence

A

Evidence that provides additional support for a fact that might have been called into question.

400
Q

Managed

A

Managed Phase 4 of CMM.

401
Q

Database shadowing

A

Two or more identical databases that are updated simultaneously.

403
Q

IDEA

A

International Data Encryption Algorithm?A symmetric block cipher using a 128-bit key and 64-bit block size.

404
Q

linear cryptanalysis

A

Linear cryptanalysis Known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key.

405
Q

closed system

A

system using proprietary hardware or software

405
Q

EEPROM

A

Electrically Erasable Programmable Read-Only Memory?Electrically erasable memory via the use of a flashing program.

407
Q

Big Bang Testing

A

integration testing that tests all integrated software components

409
Q

Corrective controls

A

Controls that correct a damaged system or process.

410
Q

BIOS

A

Basic Input/Output System: typically stored in firmware

412
Q

GLBA

A

GLBA Gramm?Leach?Bliley Act?Requires financial institutions to protect the confidentiality and integrity of consumer financial information.

413
Q

hub

A

Hub Layer 1 network access device that acts as a multiport repeater.

414
Q

applet

A

small pieces of mobile code that are embedded in other software such as web browsers

415
Q

multipart virus

A

Multipartite virus Virus that spreads via multiple vectors; also called multipart virus.

416
Q

ActiveX controls

A

the functional equivalent of Java applets;’ they use digital certificates instead of a sandbox to provide security

417
Q

Defined

A

Phase 3 of CMM.

418
Q

Continuity of support plan

A

Focuses narrowly on support of specific IT systems and applications.

419
Q

aggregation

A

mathematical attack where a user is able to use lower level access to learn restricted information

421
Q

full duplex

A

Full duplex Two-way simultaneous transmission, like two people having a face-to-face conversation.

422
Q

AV

A

asset value: the value of a protected asset

423
Q

hand geometry

A

Hand geometry Biometric control that uses measurements from within specific points on the subject?s hand.

424
Q

Fingerprint scan

A

Fingerprint scan Biometric scan of the minutiae (specific details of the fingerprint).

425
Q

middleware

A

Middleware Connects programs to programs.

427
Q

Interrupt

A

Interrupt Indicates an asynchronous CPU event has occurred.

428
Q

DMZ

A

Demilitarized Zone?Used to separate trusted from untrusted networks.

429
Q

JSON

A

JSON JavaScript Object Notation?A data interchange format.

430
Q

master mode

A

Master mode 802.11 mode used by APs.

431
Q

access aggregation

A

the collective entitlementts granted by multiple systems to one user; can lead to authorization creep

432
Q

Dynamic testing

A

Tests code while executing it.

433
Q

Incremental backup

A

An archive of all files that have changed since the last backup of any kind was performed.

434
Q

Checklist Testing

A

lists all necessary component required for successful recovery and ensures that they are, or will be, readily available should a disaster occur; also known as consistency testing

435
Q

fair use doctrine

A

Fair use doctrine Allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder.

437
Q

DHCP

A

Dynamic Host Configuration Protocol?Assigns temporary IP address leases to systems, as well as DNS and default gateway configuration.

438
Q

active RFID

A

powered RFID tags that can operate via larger distances

440
Q

backward chaining

A

expert system mode that starts with a premise and works backwards

441
Q

Bastion host

A

any host placed on the internet that is not protected by another device

442
Q

IPv4

A

IPv4 Internet Protocol version 4, commonly called IP?IPv4 is the fundamental protocol of the Internet.

443
Q

Dual-factor authentication

A

See Strong authentication.

445
Q

Acceptance Testing

A

testing to ensure that he software meets the customer’s operational requirements

446
Q

HTML

A

HTML Hypertext Markup Language?Used to display Web content.

447
Q

MAC address

A

MAC address Layer 2 address of a NIC.

449
Q

Installation testing

A

Installation testing Testing software as it is installed and first operated.

450
Q

HIPS

A

HIPS Host-based Intrusion Prevention System?Preventive device that processes information within the host.

451
Q

ALE

A

Annualized Loss Expectancy: the cost of loss due to a risk over a year

452
Q

Convergence

A

All routers on a network agree on the state of routing.

453
Q

802.11a

A

Wireless standard 54 Mbps using 5 GHz

454
Q

brute force attack

A

attck that attemptst every possible key or combination

456
Q

cache memory

A

the fastest memory on the system; required to keep up with the CPU as it fetches and executes instructions

457
Q

Containment phase

A

Incident response phase that attempts to keep further damage from occurring as a result of the incident.

458
Q

Internet

A

Internet A global collection of peered networks running TCP/IP.

460
Q

Disaster

A

Any disruptive event that interrupts normal system operations.

462
Q

Custodian

A

Provides hands-on protection of assets.

463
Q

802.11

A

Wireless networking standard

464
Q

DEA

A

Data Encryption Algorithm?Described by DES.

465
Q

active-passive cluster

A

involves devices or systems that are already in place, configured, powered on, and ready to begin processing network traffic should a failure occur on the primary

466
Q

Jefferson disks

A

Jefferson disks Cryptographic device invented by Thomas Jefferson that used multiple wheels, each with an entire alphabet along the ridge.

467
Q

guideline

A

Guideline A recommendation; an administrative control.

469
Q

fuzzing

A

Fuzzing A type of black box testing that enters random malformed data as inputs into software programs to determine if they will crash.

471
Q

Best evidence rule

A

requires use of the strongest possible evidence

473
Q

civil law (legal system)

A

legal system that leverages codified laws or statutes to determine what is considered within the bounds of law

474
Q

LAND attack

A

LAND attack DoS attack that uses a spoofed SYN packet that includes the victim?s IP address as both source and destination.

476
Q

Fetch and execute

A

Fetch and execute Mechanism that allows the CPU to receive machine language instructions and execute them; also called fetch, decode, execute, or FDX.

477
Q

accountability principle

A

OECD privacy guideline principle that states indivisuald should have the right to challenge the content of any personal data being held and can update that data

478
Q

accountability

A

holds individuals accountable for their actions

479
Q

candidate keys

A

any attribute (column) in the table with unique values

480
Q

free software

A

Free software Controversial term that is defined differently by different groups. ?Free? may mean free of charge, or ?free? may mean users are free to use the software in any way they would like, including modifying it.

481
Q

mantrap

A

Mantrap A preventive physical control with two doors; each door requires a separate form of authentication to open.

482
Q

CER

A

crossover error rate: Describes the point where the false reject rate (FRR) and False Acept Rate (FAR) are equal

483
Q

memory

A

Memory Volatile or nonvolatile computer storage.

484
Q

motherboard

A

Motherboard Contains computer hardware including the CPU, memory slots, firmware, and peripheral slots such as peripheral component interconnect (PCI) slots.

485
Q

AH

A

Authentication Header–Ipsec protocol that provides authentication and integrity for each packet of network data

486
Q

commit

A

makes changes to a database permenant

487
Q

breach notification

A

notification of persons whose personal data has been, or is likely to have been, compromised

488
Q

asynchronous dynamic token

A

authentication token that is not synchronized with a central server; includes challenge-response tokens

489
Q

Inference

A

Inference Deductive attack where a user is able to use lower level access to learn restricted information.

490
Q

CFB

A

Cipher Feedback: stream-mode DES that is similar to block mode CBC

491
Q

electronic vaulting

A

Electronic vaulting Batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval.

492
Q

LLC

A

LLC Logical Link Control?Layer 2 protocol that handles LAN communications.

493
Q

label

A

Label Security level assigned to an object, such as confidential, secret, or top secret.

494
Q

Java

A

Java An object-oriented language used not only to write applets but also as a general-purpose programming language.

495
Q

forward chaining

A

Forward chaining Expert system mode that starts with no premise and works forward to determine a solution.

496
Q

IPS

A

IPS Intrusion Prevention System?A preventive device designed to prevent malicious actions.

497
Q

brewer-nash model

A

same as chinese wall model

498
Q

LEAP

A

LEAP Lightweight Extensible Authentication Protocol?A Cisco proprietary protocol released before 802.1X was finalized.

499
Q

ISDN

A

ISDN Integrated Services Digital Network?Provides digital service via copper pair.

500
Q

Domains of trust

A

Access control model used by Windows? Active Directory.