vocabularyA

Question 1

2DES

Answer 1

The process of performing the DES algorithm two times at every block.

Question 2

3DES

Answer 2

Triple DES is a more secure implementation of DES which includes three equally secure versions. Each of the versions changes the way that the iterations are applied.

Question 3

Abstraction

Answer 3

A protection mechanism technique which is the primary feature of object-oriented programming. Objects look like black boxes in which contents of the black box are not known, but the points of entry and exit are.

Question 4

Accountability

Answer 4

A security control architecture that includes monitoring and log file analysis.

Question 5

ACL

Answer 5

An access control list is a list that specifies which subjects can access which objects.

Question 6

ActiveX

Answer 6

A program or control written by Microsoft that runs in distributed mode on the client.

Question 7

Administrative Control

Answer 7

A design-based control that dictates policies and procedures and informs of the correct way to operate in a safe, secure manner.

Question 8

Administrative Detective Control

Answer 8

Policy or rule that detects when something has occurred by using auditing or performance reviews to see the actions that subjects have taken.

Question 9

Administrative/Regulatory Law

Answer 9

Any regulation that governs specific personal or organization practices.

Question 10

AES

Answer 10

Advanced Encryption Standard is a symmetric cryptographic algorithm standard which is the officially accepted replacement standard for DES and 3DES. AES allows three key strengths that are dependent upon the key lengths, and three different transformation layers.

Question 11

Agent

Answer 11

A program or some other process that performs a special service on behalf of another process or principal. An agent works in a different environment from the principal.

Question 12

Aggregation

Answer 12

The process of obtaining information of high sensitivity by combining information from lower levels of sensitivity.

Question 13

ALE

Answer 13

Annual Loss Expectancy is the Single Loss Expectancy times the Annual Rate of Occurrence.

Question 14

Algorithm

Answer 14

A sequence of steps that is used to encrypt plaintext.

Question 15

ALU

Answer 15

The arithmetic logic unit is the area inside of the CPU which performs arithmetic and logical functions.

Question 16

AND

Answer 16

A binary math operator used in cryptography that has an input value of either a zero or one. The input values are combined to give the results seen in the table.

Question 17

ANSI

Answer 17

The American National Standards Institute is a voluntary organization that works to establish standards with relationship-to-character sets and programming languages.

Question 18

Applet

Answer 18

A similar program to an agent, with the exception that it is platform-independent.

Question 19

Application Layer

Answer 19

The highest layer of the ISO/OSI reference model that provides services for high-level programs and program-to-program transfer of information.

Question 20

Architecture

Answer 20

A design which provides outlines and exact mechanisms of both hardware and software. It can be divided into five different components: input/output, storage, communication, control, and processing.

Question 21

ARCnet

Answer 21

Attached Resource Computer Network is one of the earliest LAN technologies that uses a token passing method within a bus topology.

Question 22

ARO

Answer 22

Annual Rate of Occurrence is the calculated, annual probability of loss. It is an estimate of the probability a stated threat will be realized.

Question 23

ARP

Answer 23

Address Resolution Protocol is a TCP/IP protocol that finds and determines the address of a system on a LAN when only the IP address is known.

Question 24

Asymmetric Algorithm

Answer 24

An algorithm containing a public key that is generated and may be given to anyone. The receiver then uses their own private key to decrypt the message.

Question 25

Asynchronized Device

Answer 25

A token device which uses a challenge-response approach to generate a password.

Question 26

Authentication

Answer 26

A system for validating that the subject or object is really who or what they say or appear to be.

Question 27

Authentication Service

Answer 27

The part of the KDC that actually authenticates the subjects and objects.

Question 28

Authorization Creep

Answer 28

Accidentially giving a subject access to objects that are not intended for them to have access to.

Question 29

Availability

Answer 29

Part of the security triad that ensures the system is available when needed by means such as fault tolerance or performance tuning.