securityCHPT 4

terms

Question / Answer
vulnerability assessment systematic evaluation of asset exposure
asset an item that has positive value
asset identification process of inventorying items
common threat agents natural disasters
common threat agents compromise of intellectual property
common threat agents espionage
common threat agents hardware failure or errors
common threat agents sabotage or vandalism
common threat agents software attacks
common threat agents software failure or errors
common threat agents technical obsolescence
common threat agents theft
common threat agents utility interruption
aspects of vulnerability assessment asset identification
aspects of vulnerability assessment threat evaluation
aspects of vulnerability assessment vulnerability appraisal
aspects of vulnerability assessment risk assessment
threat evaluation what pressures are against the assets
identify what needs to be protected asset identification
how susceptible is the current protection vulnerability appraisal
what damages could result from the threats risk assessment
what to do about it risk mitigation
common assets people
common assets physical assets
common assets data
common assets hardware
common assets software
after the inventory of assets determine each item's relative value
threat agents any person or thing with the power to carry out a threat against an asset
threat modeling understanding attackers and their methods, often done by constructing scenarios
attack tree provides a visual representation of potential attacks as an inverted tree structure
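Worked example for the threat modeling and attack tree cards above. It is added here and is not from the flashcards: the scenario (reading a customer database), the leaf attacks and the "effort" costs are constructed. The tree is inverted in the usual sense: the root is the attacker's goal, OR nodes mean any one child suffices, AND nodes mean every child is required, and the cheapest path tells you which control raises the attacker's minimum cost.

```python
"""Attack tree with AND/OR nodes: find the cheapest path to the attacker's goal.

Added example, not part of the original flashcards. The tree and its costs
(arbitrary 'attacker effort' units) are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"        # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    cost: float = 0.0         # cost of a leaf attack; ignored on OR/AND nodes
    children: List["Node"] = field(default_factory=list)


def cheapest_attack(node: Node) -> Tuple[float, List[str]]:
    """Return (minimum total cost, the leaf attacks the attacker must perform)."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    if node.kind == "OR":
        # the attacker picks the cheapest alternative
        return min((cheapest_attack(c) for c in node.children), key=lambda r: r[0])
    if node.kind == "AND":
        # every sub-goal is needed, so costs add up
        total, steps = 0.0, []
        for c in node.children:
            c_cost, c_steps = cheapest_attack(c)
            total += c_cost
            steps += c_steps
        return total, steps
    raise ValueError(f"unknown node kind {node.kind!r}")


def mitigate(node: Node, leaf_name: str, new_cost: float) -> None:
    """Model a control by raising the cost of one leaf attack in place."""
    if node.kind == "LEAF":
        if node.name == leaf_name:
            node.cost = new_cost
        return
    for c in node.children:
        mitigate(c, leaf_name, new_cost)


def build_sample_tree() -> Node:
    # Constructed scenario: the root is the attacker's goal.
    return Node("read customer database", "OR", children=[
        Node("steal DBA credentials", "OR", children=[
            Node("phish the DBA", cost=20),
            Node("brute-force weak DBA password", cost=60),
        ]),
        Node("exploit the web app", "AND", children=[
            Node("find SQL injection", cost=15),
            Node("bypass WAF", cost=10),
        ]),
        Node("physical access to the server", "AND", children=[
            Node("tailgate into the data center", cost=30),
            Node("boot from USB and copy disk", cost=5),
        ]),
    ])


if __name__ == "__main__":
    tree = build_sample_tree()
    print("cheapest path:", cheapest_attack(tree))
    mitigate(tree, "phish the DBA", 100)   # e.g. phishing-resistant MFA for the DBA
    print("after mitigation:", cheapest_attack(tree))
```

Before the control, phishing the DBA (cost 20) is the cheapest route; after it, the cheapest route becomes the web application (15 + 10), which is where the next control should go.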
vulnerability appraisal where are our weak spots
risk assessment determining the damage that would come from an attack
vulnerability appraisal take a snapshot of the current security of the organization
vulnerability appraisal catalog each vulnerability
risk assessment assess whether that vulnerability is a risk to the organization
outsourcing transfer the risk to a third party
three options when confronted with a risk diminish, transfer, or accept the risk
vulnerability impact scale no impact
vulnerability impact scale small impact
vulnerability impact scale significant
vulnerability impact scale major
vulnerability impact scale catastrophic
single loss expectancy expected monetary loss every time a risk occurs
annualized loss expectancy expected monetary loss that can be expected for an asset due to a risk over a one year period
annualized rate of occurrence probability that a risk will occur in a particular year
ALE SLE * ARO
SLE AV * EF (asset value times exposure factor, the fraction of the asset's value lost in a single occurrence)
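Worked example of the SLE and ALE formulas on the cards above, together with the three options (diminish, transfer, accept) and the impact scale. It is added here and is not from the flashcards: the asset values, exposure factors, rates of occurrence and control costs are constructed, and the dollar thresholds used to map an ALE onto the impact scale are an assumption.

```python
"""Quantitative risk assessment: SLE = AV * EF, ALE = SLE * ARO, and a
cost/benefit check for the 'diminish' option.

Added example, not part of the original flashcards. All figures below are
constructed; the impact-scale thresholds are an assumption.
"""
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of the asset, in dollars
    exposure_factor: float  # EF: fraction of AV lost in one occurrence, 0.0 to 1.0
    aro: float              # ARO: expected number of occurrences per year


def sle(r: Risk) -> float:
    """Single loss expectancy: monetary loss every time the risk occurs."""
    return r.asset_value * r.exposure_factor


def ale(r: Risk) -> float:
    """Annualized loss expectancy: expected monetary loss over one year."""
    return sle(r) * r.aro


def impact_level(r: Risk) -> str:
    """Place a risk on the five-step impact scale by its ALE (thresholds assumed)."""
    a = ale(r)
    if a <= 0:
        return "no impact"
    if a < 1_000:
        return "small impact"
    if a < 10_000:
        return "significant"
    if a < 100_000:
        return "major"
    return "catastrophic"


def diminish_is_worth_it(r: Risk, annual_control_cost: float,
                         new_aro: Optional[float] = None,
                         new_ef: Optional[float] = None) -> bool:
    """'Diminish' pays off only if the control's yearly cost is below the ALE it
    removes; otherwise transfer the risk (insurance, outsourcing) or accept it."""
    reduced = replace(r,
                      aro=r.aro if new_aro is None else new_aro,
                      exposure_factor=r.exposure_factor if new_ef is None else new_ef)
    return ale(r) - ale(reduced) > annual_control_cost


def rank_by_ale(risks: List[Risk]) -> List[Risk]:
    """Highest expected yearly loss first: where the mitigation budget goes first."""
    return sorted(risks, key=ale, reverse=True)


SAMPLE_RISKS = [  # constructed figures
    Risk("ransomware on file server", asset_value=200_000, exposure_factor=0.5, aro=0.2),
    Risk("laptop theft", asset_value=2_000, exposure_factor=1.0, aro=3),
    Risk("flood in server room", asset_value=5_000_000, exposure_factor=0.8, aro=0.01),
    Risk("website defacement", asset_value=50_000, exposure_factor=0.1, aro=0.5),
]

if __name__ == "__main__":
    for r in rank_by_ale(SAMPLE_RISKS):
        print(f"{r.name:28s} SLE={sle(r):>12,.0f} ALE={ale(r):>10,.0f} {impact_level(r)}")
    ransomware = SAMPLE_RISKS[0]
    # an EDR product at $8,000/yr expected to cut the ransomware ARO from 0.2 to 0.05
    print("EDR worth it:", diminish_is_worth_it(ransomware, 8_000, new_aro=0.05))
```

For the ransomware case the ALE is $20,000 a year; a control costing $8,000 that cuts the ARO to 0.05 removes $15,000 of that, so diminishing is the right option. For laptop theft (ALE $6,000) a $7,000 control that only drops the ARO to 1 is not, so that risk is a candidate for transfer or acceptance.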
risk mitigation what to do about the risks
risk identification steps asset identification
risk identification steps threat identification
risk identification steps vulnerability appraisal
risk identification steps risk assessment
risk identification steps risk mitigation
baseline imaginary line by which an element is measured or compared
baseline reporting comparison of the present state of a system to its baseline
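Worked example of baseline reporting as defined on the cards above. It is added here and is not from the flashcards: it records a baseline of file hashes under a directory and then reports what was added, removed or changed. The files and the drift introduced afterwards are constructed in a temporary directory so the example runs offline; the same compare step applies to any other inventory (listening ports, installed packages, accounts) expressed as a name-to-value mapping.

```python
"""Baseline reporting: record a system's state once, then report how the
present state differs from it.

Added example, not part of the original flashcards. The baselined files and
the later drift are constructed in a temporary directory.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, str]:
    """Map each file below root (path relative to root) to its SHA-256 digest."""
    state: Dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            state[rel] = digest.hexdigest()
    return state


def save_baseline(state: Dict[str, str], path: str) -> None:
    with open(path, "w") as fh:
        json.dump(state, fh, indent=2, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path) as fh:
        return json.load(fh)


def baseline_report(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the present state to the baseline: what appeared, vanished or changed."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }


def _write(root: str, rel: str, text: str) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, let the host drift, report the drift."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin no\n")
        _write(root, "etc/motd", "authorized use only\n")
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(snapshot(root), baseline_path)
        # drift: a hardening setting flipped, a file removed, a new cron job planted
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin yes\n")
        os.remove(os.path.join(root, "etc", "motd"))
        _write(root, "etc/cron.d/nightly", "0 3 * * * root /opt/scripts/sync.sh\n")
        return baseline_report(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Each entry in the report is something to investigate: a changed hardening file, a missing file, and a cron entry that was never in the baseline.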
architectural design
design review
code review
attack surface
software development process requirements
software development process design
software development process implementation
software development process verification
software development process release
software development process support
assessment tools help personnel identify security weakness
assessment tools port scanners
assessment tools protocol analyzers
assessment tools vulnerability scanners
assessment tools honeypots
assessment tools honeynets
port numbers sixteen bits in length
well known ports 0 - 1023
registered ports 1024 - 49151
dynamic ports 49152 - 65535
private ports dynamic ports
open port application or service assigned to that port is listening for instructions
closed port no process is listening at this port
blocked port the host system does not reply to any inquiries
protocol analyzer sniffer
port 20 ftp (data channel; ftp control uses port 21)
port 22 ssh
port 23 telnet
port 69 tftp
port 80 http
port 139 netbios (session service)
port 443 https
port 989 ftps (data channel; ftps control uses port 990)
well known port number reserved for the most universal applications
registered port numbers other applications that are not widely used
dynamic ports available for use by any application
process program running on one system
ip address used to uniquely identify each network device
port number tcp/ip uses a numeric value as an identifier to applications and services on these systems
protocol analyzer hardware or software that captures packets to decode and analyze its contents
protocol analyzers can fully decode application layer protocols such as http and ftp
promiscuous mode the strength of a protocol analyzer is that it places the computer's nic in promiscuous mode, so it captures every frame on the segment rather than only those addressed to that nic
port scanner software that searches a system for open ports and the services listening on them
tcp connect scanning
tcp syn scanning
tcp fin scanning
stealth scans
xmas tree port scans
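Worked example for the port scanner and port state cards above (open, closed, blocked; well known, registered, dynamic). It is added here and is not from the flashcards. It implements a TCP connect scan, the simplest of the techniques listed: it completes the full three-way handshake through the normal sockets API, so it needs neither raw sockets nor root. The listener it scans is started on loopback so the example runs offline; a blocked port (no reply at all) cannot be produced on loopback, so that case is handled by the timeout branch but not demonstrated.

```python
"""TCP connect scan that reports each port as open, closed or blocked.

Added example, not part of the original flashcards. The scanned listener is
started locally so the example runs offline.
"""
import socket
from typing import Dict, Iterable, Tuple


def port_class(port: int) -> str:
    """Range the port number falls in (ranges as on the cards)."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16 bits")
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port with a connect scan."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))     # SYN/ACK came back and the handshake completed: a process is listening
        return "open"
    except ConnectionRefusedError:
        return "closed"             # RST came back: nothing is listening on that port
    except OSError:
        return "blocked"            # timed out or unreachable: the host did not reply at all
    finally:
        s.close()


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    return {p: scan_port(host, p, timeout) for p in ports}


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Listen on an ephemeral port. The kernel completes handshakes into the
    backlog, so no accept() loop is needed for a connect scan to see it as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def free_port(host: str = "127.0.0.1") -> int:
    """Pick a port with no listener by binding to port 0 and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo() -> Tuple[str, str]:
    """Scan one listening and one unused loopback port; returns their two states."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = free_port()
    try:
        result = connect_scan("127.0.0.1", [open_port, closed_port])
        for port, state in result.items():
            print(f"127.0.0.1:{port} ({port_class(port)} port) is {state}")
        return result[open_port], result[closed_port]
    finally:
        srv.close()


if __name__ == "__main__":
    demo()
```

A connect scan is also the noisiest technique, since every open port sees a completed connection in its application log; the SYN, FIN and Xmas tree scans on the cards exist precisely to avoid that, at the price of needing raw sockets.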
vulnerability scanners maintains a database that categorizes and describes the vulnerabilities it detects
vulnerability scanners intended to identify vulnerabilities and alert network admins
honeypot computer typically located in an area with limited security and loaded with software and data files that appear to be authentic yet are actually imitations of real data files
honeynet network setup with intentional vulnerabilities
assessment tool problem no standard for collecting,analyzing,and reporting vulnerabilities
oval open vulnerability and assessment language
oval common language for the exchange of info regarding security vulnerabilities
oval vulnerability definitions are recorded in xml
oval vulnerability queries are accessed in sql
vulnerability assessment procedures scanning
vulnerability assessment procedures penetration testing
penetration testing pentest
pentest designed to exploit any weakness in systems that are vulnerable
vulnerability scanning inside the building
penetration testing outside the building
penetration testing purposely trying to break into the network from outside the building; unlike scanning, it actually exploits the weaknesses it finds to show what damage an attacker could do
different penetration testing techniques black box test
different penetration testing techniques white box test
different penetration testing techniques gray box test
security posture an approach, philosophy, or strategy regarding security
elements that makeup a security posture initial baseline configuration
elements that makeup a security posture continuous security monitoring
elements that makeup a security posture remediation
standards in mitigating and deterring attacks security posture
standards in mitigating and deterring attacks configuring controls
standards in mitigating and deterring attacks hardening
standards in mitigating and deterring attacks reporting
reporting alarms, alerts, trends
types of hardening techniques protect accounts with passwords
types of hardening techniques disabling unnecessary accounts
types of hardening techniques disabling unnecessary services
types of hardening techniques protecting management interfaces and applications
configuring controls detection (e.g., cameras)
configuring controls prevention (e.g., locked doors)
configuring controls firewalls
purpose of hardening eliminate as many security risks as possible
Created by: cgeaski