This class was created by Brainscape user Andrew Levine. Visit their profile to learn more about the creator.

Decks in this class (126)

1.1 Understand, Adhere, and Promote Professional Ethics
What are the 4 canons in the isc2...
1  cards
1.2 Understand and Apply Security Concepts
1  cards
1-4.3 Privacy Principles
The right of an individual to con...,
Globally adopted privacy principles,
Eu eea privacy protection regulation
5  cards
1-4.4 Cybercrime and Data Breaches
Cybercriminal act that encrypts d...,
Incident that results in disclosu...,
The eu eea regulation that has ve...
5  cards
1-5.1 Investigation Objectives and Requirements
The purpose of this type of inqui...,
This type of investigation is con...,
The basis of this investigation i...
5  cards
1-6.1 Governance Documents
High level governance documents,
Mandatory implementation requirement,
Specific instructions for carryin...
5  cards
1-7.1 Business Continuity Planning
Group responsible for approval of...,
This activity focuses on identifi...,
This plan describes the overall s...
5  cards
1-7.2 Business Impact Analysis
Amount of time allocated for syst...,
Maximum time a process or service...,
Acceptable data loss expressed in...
5  cards
1-8.1 Workplace Lifecycle Security
Process of integrating a new empl...,
Reasons for job rotation and mand...,
Process includes creating user ac...
5  cards
1-8.2 Workforce and Third-Party Policies and Agreements
Document that details user obliga...,
Agreement used to establish data ...,
Agreement that documents technica...
5  cards
1-9.1 Risk Basics
Probability that an event will occur,
Uncertainty of outcome,
Measure of the magnitude of harm
5  cards
1-9.2 Risk Assessment
Scoping and prioritization of iden...,
Process by which the likelihood i...,
The process of comparing the resu...
5  cards
1-9.3 Risk Analysis
The level of risk before controls...,
Risk analysis approach that is ap...,
Av ef
5  cards
1-9.4 Risk Response and Treatment
Level of risk an organization is ...,
Assigning risk to another party i...,
Selecting one or more options for...
5  cards
1-9.5 Risk Mitigation Controls
Statement of desired result to be...,
Term used to describe multiple la...,
Control that is intended to provi...
5  cards
1-9.6 Monitoring, Reporting, and Maturity
Continuous activity that is used ...,
A visualization tool to convey lik...,
Central repository for all risk r...
5  cards
1-10.1 Threat Actors and Attributes
The term used to describe when a ...,
The primary characteristic of thi...,
Ip theft reputation damage and di...
5  cards
1-10.2 Attack Vectors - Digital Infrastructure
Manipulating a trusted source of ...,
Impersonating a address system or...,
Attack designed to overwhelm syst...
5  cards
1-10.3 Attack Vectors - People
Tactics and techniques used to ma...,
Fabricated scenario,
False or misleading information s...
5  cards
1-10.3 Attack Vectors - Code
The process of validating the out...,
Attack that uses a dot dot slash ...,
Injection of malicious code into ...
5  cards
1-10.5 Threat Modeling and Intelligence
Threat model that focuses on syst...,
Threat model that focuses on who,
Us government agency charged with...
5  cards
1-11.1 Supply Chain Relationships and Risks
Ecosystems of organizations proce...,
A sequential flow of goods,
Sole source reliance on a vendor ...
5  cards
1-11.2 Supply Chain Risk Management and Mitigation
A cryptographic hardware security...,
Unique and difficult to replicate...,
A detailed list of components lib...
5  cards
1-12.1 SETA Principles and Practices
Attribute how objective skill,
Timeframe impact of an awareness ...,
Maturity level where training is ...
5  cards
1-12.2 Emerging SETA Trends
This topic is appropriate for saa...,
This topic includes deepfakes and...,
This topic focuses on wallets and...
5  cards
2-13.1 Asset Classification
This type of classification is ba...,
This type of classification is ba...,
National security exposure classi...
5  cards
2-14.1 Asset Handling Requirements
These inform users how to protect...,
Used to communicate classificatio...,
Initial introduction to handling ...
5  cards
2-15.1 Asset Management
They are responsible for decision...,
They are responsible for implement...,
Tools used to create physical and...
5  cards
2-16.1 Manage Data Lifecycle
They are responsible for advising...,
Three states of data,
They determine the purposes for w...
5  cards
2-16.2 Data Collection, Retention, and Archiving
Rules that dictate the data sets ...,
Process of securely storing origi...,
Notice to preserve all forms of r...
5  cards
2-16.3 Data Deletion and Destruction
Residual representation of data,
Clearing technique that overwrite...,
Vendor proof of destruction
5  cards
2-17.1 Asset Retention and Retirement
The date when a product service o...,
Vendor lifecycle policy for produ...,
After this date updates are avail...
5  cards
2-18.1 Control Baselines
Statement of desired result to be...,
Term used to describe multiple la...,
Set of minimum controls for a giv...
5  cards
2-18.2 Data Protection Methods
Cryptographic technique used to p...,
The process in which individually...,
Solutions designed to detect data...
5  cards
3-19.1 Secure Design Principles
In the event of failure access is...,
The opposite of security through ...,
No inherent privileges
5  cards
3-19.2 Trust and Secure Access Service Edge
The premise that trust is never g...,
Used by zta to maintain and confi...,
Network architecture framework th...
5  cards
1-20.1 Information Security Models
Conceptual model that ensures a s...,
And simple meaning,
Confidentiality model that states...
5  cards
3-21.1 Security Evaluation Criteria
Validation that a security contro...,
Degree of confidence that a produ...,
Internationally recognized produc...
5  cards
3-22.1 Trusted Computing Base
Replacement for the traditional bios,
Isolated memory and processor env...,
Uefi feature that ensures only di...
5  cards
3-23.1 Client, Server, and Distributed Computing
In this design most of the proces...,
On path and packet sniffing explo...,
These types of clients have minim...
5  cards
3-23.1 Databases and Database Management Systems
This process completes a transact...,
The process ends a corrupt or inv...,
An intermediate marker within a t...
5  cards
3-23.3 Operation Technology
Term that describes the use of te...,
Embedded system closed loop compo...,
Components include embedded syste...
5  cards
3-23.4 Cloud-based Systems
This cloud deployment model is pr...,
In this cloud service model compu...,
This term represents the growing ...
5  cards
3-23.5 Internet of Things and IIoT
Component that detects and respon...,
Commercial application of iot tec...,
Processing data close to the source
5  cards
3-23.6 Virtualization
Software or firmware components t...,
Term applied to an environment wh...,
This type of vdi reverts back to ...
5  cards
3-23.7 Automation and Solution Elements
Using code to manage configuratio...,
The integration of disparate tool...,
Dynamic allocation of resources t...
5  cards
3-24.1 Cryptography Primer
Mathematically complex modern cipher,
Secret value used with an algorithm,
Term used to describe a weak cryp...
5  cards
3-24.2 Encryption
Number of keys in a symmetric enc...,
Key mathematically related to a p...,
Us government symmetric algorithm...
5  cards
3-24.3 Hashing and Digital Signatures
Unique fixed length representatio...,
Term used to describe when a hash...,
A hashed value that includes a sy...
5  cards
3-24.4 PKI and Digital Certificates
A digital form of identification,
Digital certificate standard,
Commercial entity that issues tru...
5  cards
3-24.5 Emerging Cryptography
Optical technology that uses phot...,
Method of encryption that allows ...,
Basic unit of quantum computing m...
5  cards
3-25.1 Cryptographic Attacks
When two different hash inputs pr...,
An attack that forces a system in...,
Term used to describe an algorith...
5  cards
3-25.2 Post-Exploitation Attacks
Type of attack that requires a sy...,
Pass the hash is considered this ...,
Cryptographic mutual authenticati...
5  cards
3-25.3 Ransomware
Form of malware used to encrypt f...,
Theft crime involving coercion to...,
A program that is automatically d...
5  cards
3-26.1 Physical Security Principles
This type of control is used to d...,
This type of control is focused o...,
This principle implies that in an...
5  cards
3-27.1 Site and Building Controls
Card with integrated circuitry us...,
Sensor that measures change is su...,
Optimal location within a buildin...
5  cards
3-27.2 Environmental Impact
Circulation pattern where rows of...,
This environmental hazard can be ...,
Prolonged period of low voltage
5  cards
3-28.1 Information System Lifecycle
Decision points at which a projec...,
Analysis into the viability of an...,
Documents the functionality const...
5  cards
4-29.1 Network Models
Number of layers in the osi model,
Encryption occurs at this level i...,
Bridges and switches operate at t...
5  cards
4-29.2 Internet Protocol
Term used to describe the use of ...,
Format of an ipv6 address,
Ipv6 rule about leading zeros
5  cards
4-29.3 Secure Protocols
Secure replacement for telnet rlo...,
Protocol used to establish a se...,
The version of snmp that added cr...
5  cards
4-29.4 Multilayer and Converged Protocols
In this configuration each layer ...,
This open standards based multila...,
The integration of specialty and ...
5  cards
4-29.5 Transport Architecture
An expression of how long it take...,
This topology combines star and bus,
The plane that manages the topology
5  cards
4-29.6 Segmentation
Divisions of the network based on...,
A zone that connects to both trus...,
Network that is isolated from any...
5  cards
4-29.7 Microsegmentation
Granular security strategy employ...,
The smallest possible reduction i...,
Boundary that defines the protect...
5  cards
4-29.8 Wireless Architecture
Radio frequency network that aggr...,
Communications technology that us...,
Short range communication technol...
5  cards
4-29.9 Wi-Fi Networks
Common name for the 80215 standard,
Lu,
Authentication method used in wpa...
5  cards
4-29.10 Virtual Private Cloud
On demand elastic configurable po...,
Type of vpc subnet that hosts the...,
A single scalable unit of cloud c...
5  cards
4-29.11 Continuous Monitoring
Network management protocol that ...,
Snmp software modules installed o...,
Industry standard protocol based ...
5  cards
4-30.1 Transmission Media
An expression of how much time it...,
Quality of useful work made by th...,
Cable that carries digital signal...
5  cards
4-30.2 Network Access Control
This category of nac solution com...,
This device controls ingress and ...,
The device can be used to gain se...
5  cards
4-30.3 Endpoint Security
Protective boundary for the local...,
Integrated endpoint solution that...,
Solution that controls and manage...
5  cards
4-31.1 Voice, Video, and Collaboration (CDN)
Transmission of voice over ip bas...,
This protocol focuses on low late...,
Media files delivered to the end ...
5  cards
4.31.2 Secure Remote Access Communications
This protocol is the successor to...,
An osi layer 3 protocol suite tha...,
In this ipsec mode the entire ori...
5  cards
5-32.1 Access Control Fundamentals
Ability of a subject to take an a...,
Demonstrated reason for access,
Minimum set of rights and permiss...
5  cards
5-33.1 Identity Management
The process of proving identifica...,
The process of granting rights an...,
Enterprise unified login experience
5  cards
5-33.2 Authentication and Credential Management
Use of two or more different fact...,
This type of challenge question t...,
Combination of a username and a f...
5  cards
5-33.3 Biometric Authentication
Biometric what you are,
Biometric what you do,
The intersection of frr and far
5  cards
5-34.1 Federated Identity Management
The processes and technologies in...,
An xml based open standard for ex...,
Authorization framework that allo...
5  cards
5-35.1 Authorization and Access Controls
Access model that requires a demo...,
Permission that flow from parent ...,
Access control model that is pred...
5  cards
5-36.1 Identity and Access Management
The process of creating and manag...,
Confirming the authenticity and a...,
An account that is no longer bein...
5  cards
5-37.1 Implementing Authentication
Protocol generally used for wirel...,
Cryptographic secure mutual authe...,
This aaa system is primarily used...
5  cards
5-37.2 Authentication and Access Control Attacks
This post exploitation attack exp...,
This type of capture requires acc...,
This form of brute force attack l...
5  cards
6-38.1 Assessment and Audit Strategies
Passive assessment or audit activ...,
Potentially intrusive activity u...,
Assessment approach that may redu...
5  cards
6-38.2 Planning Engagements
Document that details the paramet...,
Inferring characteristics based o...,
The process of determining the ta...
5  cards
6-39.1 Vulnerability Testing and Assessment
Automated tools used to look for ...,
Standardized identifier for a vul...,
System used to understand the sev...
5  cards
6-39.2 Penetration Testing and Attack Simulations
Testing approach that provides no...,
Information gathering using publi...,
Act of using a weakness on one sy...
5  cards
6-39.3 Code and Interface Testing
Security code testing technique p...,
Two part qat and uat evaluation t...,
Automated testing technique that ...
5  cards
6-40.1 Operational and Management Metrics
Indicator used to determine if an...,
Indicator used to determine progr...,
Early warning sign of an unfavora...
5  cards
6-40.2 SETA Measures and Metrics
How often users click on links in...,
How often marketing includes secu...,
Term used to describe a controlle...
5  cards
6-41.1 Response and Disclosure
Deviation from a standard configu...,
The process of approving an excep...,
Decision not to remediate a level...
5  cards
6-42.1 Security Auditing
This process results in independe...,
The type of audit compares the co...,
This type of audit is used to ide...
5  cards
7-43.1 Evidence Handling
Indirect evidence that requires i...,
The quality and completeness of t...,
Acquisition of evidence before it...
5  cards
7-43.2 Forensic Examination
Bit by bit copy of source materia...,
Process of dumping ram,
Tool used to intercept inadverten...
5  cards
7-44.1 Conduct Logging and Monitoring Activities
The process of standardizing the ...,
The process of filtering out dupl...,
Behaviors or actions that suggest...
5  cards
7-44.2 Log Analysis, Detection, and Response Tools
Automation tool that models the b...,
Often used to simplify complex da...,
Auto atyio
5  cards
7-45.1 Configuration Management
Aggregation of information system...,
Agreed upon specifications for a ...,
Ability to deploy it or ot system...
5  cards
7-46.1 Security Operations
Audit report often used when cond...,
This action minimizes monopoly of...,
Principle that requires demonstra...
5  cards
7-47.1 Media Management
This storage device connects to t...,
Hardware based mechanisms for aut...,
Media destruction method that red...
5  cards
7-47.2 Mobile Device Management
Extends mdm functionality to iot ...,
Ownership mode for mobile device ...,
Removing ios restrictions
5  cards
7-48.1 Incident Management
Set of instructions for respondin...,
Process of anticipating threats,
Scenario based exercise workshop ...
5  cards
7-48.2 Incident Response
Incident response process that fo...,
Incident response process that fo...,
Incident response process that fo...
5  cards
7-49.1 Firewalls and Intrusion Detection
This type of firewall is effectiv...,
This type of firewall evaluates e...,
The principle is expressed if not...
5  cards
7-49.2 Web Filtering & Sandboxing
Plug ins or add ons used on indiv...,
Enforces content restrictions to ...,
Curated list of suspected malicio...
5  cards
7-49.3 Malware
Malicious code that exploits know...,
Malware that evades pattern matchi...,
Unique patterns or characteristics
5  cards
7-49.4 Honeypots
Decoy file located on a network f...,
Multiple linked honeypots that si...,
Type of honeypot that imitates se...
5  cards
7-49.5 Artificial Intelligence
Simulation of human intelligence ...,
Contamination of ai training data,
Attempts to fool models through m...
5  cards
7-50.1 Vulnerability and Patch Management
Automated tool used to look for v...,
A set of practices designed to en...,
A systematic process of identifyi...
5  cards
7-51.1 Change Management
This itil term describes changes ...,
This change management kpi tracks...,
This configuration management ele...
5  cards
7-52.1 Backup and Recovery
This backup strategy backs up all...,
This process copies transaction l...,
This replication strategy guarant...
5  cards
7-52.2 Resiliency Strategies
Capability to continue operating ...,
Disk technology commonly used for ...,
When data is transmitted over mul...
5  cards
7-53.1 Disaster Response and Recovery
Term used to describe disruptive ...,
1 disaster response priority,
Metric that defines the time allo...
5  cards
7-54.1 DRP Training, Testing, and Communications
This exercise is conducted primar...,
This type of workshop is organize...,
In this type of test recovery sys...
5  cards
7-55.1 Business Continuity Integration
The capability of a business to c...,
The duplication of critical compo...,
Preparing personnel to perform mu...
5  cards
7-56.1 SOC Security
A short sturdy vertical post or p...,
Access control that relies on hum...,
Access card with integrated circu...
5  cards
7-57.1 Workplace Safety
In country emergency contact when...,
Experiencing harmful pressure or ...,
Purpose of this plan is to provid...
5  cards
8-58.1 Software Development Lifecycle
This software development model r...,
This software development model e...,
A senior level individual or grou...
5  cards
8-58.2 Software Development Collaboration and Maturity Models
This sdlc maturity model is based...,
This type of development team is ...,
This development approach proacti...
5  cards
8-59.1 Development Ecosystem
Set of instructions to control an...,
The process of managing organizin...,
Microsoft automation and configur...
5  cards
8-59.2 Secure Staging
The environment used for experime...,
Environment used to merge code is...,
Best case scenario this environme...
5  cards
8-59.3 Application Security Testing
Testing that can take place very ...,
Testing that addresses platform a...,
Methodology that used predefined ...
5  cards
8-60.1 Software Security Assessment
Objective of this assessment is t...,
This type of assessment checks ag...,
The term used to describe the lev...
5  cards
8-61.1 Software Procurement and Acquisition
The process of finding acquiring ...,
Document used to solicit bids for...,
Copyrighted software available fo...
5  cards
8-62.1 Source Code Vulnerabilities
Results in the excess data being ...,
Results in slow response time or ...,
When multiple threads or processe...
5  cards
8-62.2 Input and Output Validation
The process of validating the out...,
Attack that uses dot dot dash seq...,
Injection of malicious code into ...
5  cards
8-62.3 Secure Coding Practices
The process used to anticipate th...,
Allow only the minimum levels of ...,
Cryptographic method to confirm a...
5  cards

More about
SGreene

  • Class purpose General learning
