Winters Exam 2

Policy A ________ is a plan that conveys instructions from an organization's senior management to those who make decisions
Standards ________ are more detailed statements of what must be done to comply with policy
Mission The ________ of an organization is a written statement of an organization's purpose
Vision The ________ of an organization is a written statement about the organization's goals
Enterprise Information Security Policy (EISP) A/n ________ is known as a general security policy
Issue Specific Security Policy (ISSP) The ________ instructs employees on the proper use of technology and processes
Access Control Lists ________ consist of the use of access lists, matrices, and capacity tables that govern the rights and privileges of users.
System Specific Policy (SSP) ________ often function as standards or procedures to be used when configuring or maintaining system
Security Blueprint The ________ is the basis for the design, selection, and implementation of all security program elements.
Defense in Depth The layered approach to security is ________
Security Perimeter A/n ________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world
Firewall A/n ________ is a device that selectively discriminates against information flowing into or out of the organization
Demilitarized Zone A buffer against outside attacks is considered a/n ________
Proxy A/n ________ server performs services on behalf of another system
SETA - Security, Education, Training, and Awareness The ________ program is a control measure designed to reduce the incidence of accidental security breaches by employees
Incident Response A/n ________ plan addresses the identification, classification, response, and recovery from an incident
Disaster Recovery A/n ________ plan addresses the preparation for and recovery from a disaster
Business Continuity A/n ________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs
Identification Risk ________ is the examination and documentation of the security posture of an organization and the risk it faces
Assessment Risk ________ is the determination of the extent to which the organization's information assets are exposed or at risk
Control Risk ________ is the application of controls to reduce the risk
Risk Each threat must be examined to assess the potential to endanger an organization. This examination is known as a ________ assessment.
Vulnerabilities ________ are specific avenues that threat agents can exploit to attack an asset.
Likelihood ________ is the probability that a specific vulnerability will be the object of a successful attack
Residual ________ risk is the risk that remains even after the application of controls
Policies ________ are documents that specify an organization's approach to security.
Cost Benefit The analysis used to evaluate the worth of the information asset to be protected and the loss in value if those assets are compromised is ________ analysis
Benefit ________ is the value that an organization realizes by using controls to prevent loss
Asset Valuation ________ is the process of assigning financial value to each information asset
Single Loss Expectancy A ________ is the calculation of the value associated with the most likely loss from an attack
Annualized Rate of Occurrence The ________ is how often you expect a specific type of attack to occur
Annualized Loss Expectancy The ________ is the overall loss potential per risk
Benchmarking ________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate
Standard of Due Care The ________ is the concept that an organization has done what any prudent organization would do in similar circumstances
Due Diligence ________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection
Risk Appetite ________ defines the amount of risk an organization is willing to accept.
Mandatory Access Controls ________ give users and data owners limited control over access to information
Role-Based Controls ________ are tied to the role a user performs in an organization
Task-Based Controls ________ are tied to the assignment of responsibility of the user
Identification ________ is the process of mapping a supplicant to an entity within the security domain
Auditability Another word for accountability is ________
Firewall A/n ________ is an information security program that prevents specific types of information from moving between the outside world and the inside world
Packet-Filtering A/n ________ firewall examines the header information of data packets
Stateful Inspection ________ firewalls keep track of each network connection between internal and external systems using a state table
Application A/n ________ firewall is also known as a proxy server
Circuit Gateway The ________ firewall operates at the transport layer
MAC layer The ________ firewall allows it to consider the specific host computer's identity
Packet-Filtering First generation firewalls are ________ firewalls
Application-Level Second generation firewalls are ________ firewalls
Stateful Inspection Third generation firewalls are ________ firewalls
Dynamic Packet-Filtering Fourth generation firewalls are ________ firewalls
Kernel Proxy Fifth generation firewalls include ________ firewalls
Screened Host ________ firewalls combine a packet-filtering router with an application proxy server
Dual-Homed Host With ________ firewalls the bastion host contains two NICs. One for the external and one for the inside network
Rules Firewall ________ operate on the principle of "that which is not permitted is prohibited"
Content Filter A/n ________ is a software filter that allows administrators to restrict access within a network
VPN A/n ________ is used to securely extend an organization's internal network connections to remote locations
Transport In ________ mode, the data within an IP packet is encrypted but not the header information
Tunnel In ________ mode, the entire client packet is encrypted
Intrusion A/n ________ occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system
Intrusion Detection System A/n ________ works like a burglar alarm to detect an attempt to break into your computer system
Intrusion Prevention System A/n ________ can detect an intrusion and prevent that intrusion
Attack Alarm An indication that a system has just been attacked or is under attack
False Negative The failure of an IDPS to react to an actual attack event is considered a/n ________
False Positive An alert that occurs in the absence of an actual attack is a/n ________
False Attack Stimulus An event that triggers an alarm when no actual attack is in progress is a/n ________
Tuning The process of adjusting an IDPS to maximize its efficiency is called ________
Confidence Value The measure of an IDPS's ability to correctly detect and identify attacks is a/n ________
Alarm Filtering The process of classifying IDPS alerts so they can be effectively managed is ________
Alarm Clustering The process of grouping almost identical alarms that happen at close to the same time is ________
Footprinting ________ are activities that gather information about the organization and its network activities and assets
Fingerprinting ________ are activities that scan network locales for active systems and identify network services offered by the host systems
Network-based IDPS An ________ IDPS resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that segment
Application In ________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use
Host-based IDPS A ________ IDPS resides on a particular computer or server, known as the host, and monitors activity only on that system
System integrity verifiers HIDPSs are also known as ________
Signature-based IDPS A/n ________ IDPS examines network traffic in search of patterns that match known signatures
Statistical anomaly-based IDPS The ________ IDPS collects statistical summaries by observing traffic that is known to be normal
Stateful protocol analysis The ________ protocol analysis is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations
Deep packet ________ inspection examines packets at the application layer for information that indicates a possible intrusion
Log file monitor A/n ________ IDPS reviews the log files to look for patterns and signatures that may indicate that an attack or intrusion is in process or has already occurred
Centralized In a/n ________ IDPS control strategy, all IDPS control functions are implemented and managed in a central location
Fully distributed In a/n ________ IDPS control strategy, all control functions are applied at the physical location of each IDPS component
Partially distributed In a/n ________ IDPS control strategy, individual agents can still analyze and respond to local threats and report to a hierarchical central facility to detect widespread attacks
Honeypots ________ are decoy systems designed to lure potential attackers away from critical systems
Padded A/n ________ cell is a honeypot that has been protected so it cannot be easily compromised
Trap-and-trace ________ applications use a combination of techniques to detect an intrusion and then trace it back to its source
Port scanners ________ are tools used by both attackers and defenders to identify the computers that are active on a network, as well as the ports and services active on those computers
Active vulnerability ________ scanners scan networks for highly detailed information
Vulnerability ________ scanners are used to find and document holes in a system
Passive vulnerability A/n ________ scanner is one that listens in on the network and determines vulnerable versions of both server and client software
Packet sniffer A/n ________ is a network tool that collects copies of packets from the network and analyzes them
Biometric access control ________ is based on the use of some measurable human characteristic
Minutiae ________ are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created
Entry into or disrupt the normal operations An intrusion occurs when an attacker attempts to gain ________ or ________ an information system, almost always with the intent to do harm.
Intrusion prevention ________ consists of activities that deter an intrusion.
Intrusion detection ________ consists of procedures and systems that identify system intrusions
Intrusion reaction ________ encompasses the actions an organization takes when an intrusion is detected
Intrusion correction ________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again, thus reinitiating intrusion prevention
Intrusion detection systems ________ became commercially available in the late 1990s
IDPS alerts and alarms ________ take the form of audible signals, email messages, pager notifications, or pop-up windows
Evasion ________ is the process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS
Noise ________ is/are alarm events that are accurate and noteworthy but that do not pose significant threats to information security
Site policy ________ is/are the rules and configuration guidelines governing the implementation and operation of IDPSs within the organization
Site policy awareness ________ is an IDPS's ability to dynamically modify its configuration in response to environmental activity
True attack stimulus ________ is an event that triggers alarms and causes an IDPS to react as if a real attack is in progress
Hub Now outdated technology, a ________ receives traffic from one node and retransmits it to all other nodes
Protocol Stack The elements of these protocols (IP, TCP, UDP, and application layers such as HTTP) are combined in a complete set called the ________
Application Protocol Verification In ________, the higher-order protocols are examined for unexpected packet behavior
Wireless IDPS A ________ monitors and analyzes wireless network traffic, looking for potential problems with the wireless protocol
Physical security ________ is an issue associated with the implementation of wireless IDPSs because many wireless sensors are located in public areas
Sensor range ________ is an issue associated with the implementation of wireless IDPSs because a wireless device's reach can be affected by atmospheric conditions
Access point and wireless switch locations ________ is an issue associated with the implementation of wireless IDPSs because wireless components with bundled IDPS capabilities must be carefully deployed
Wired network connections ________ is an issue associated with the implementation of wireless IDPSs concerning how these components work independently of the wired network when sending and receiving between stations
Cost ________ is an issue because the more sensors deployed, the more expensive the configuration
Wireless IDPSs ________ are unable to detect certain passive wireless protocol attacks, in which the attacker monitors network traffic without active scanning or probing
Anomaly Detection NBA systems examine network traffic in order to identify problems related to the flow of traffic. They use a version of ________ method to identify excessive packet flows
Host-based IDPS ________ resides on a particular computer, known as the host, and monitors activity only on that system
HIDPS -classifies files into various categories -monitor multiple computers simultaneously -provide only a few general levels of alerts
Signature-based IDPS
Statistical anomaly-based IDPS The ________ collects statistical summaries by observing traffic that is known to be normal
Clipping level When the measured activity is outside the baseline parameters, exceeding the ________, the IDPS sends an alert
Stateful protocol analysis ________ is a process of comparing predetermined profiles of generally accepted definitions of benign activity to identify deviations
Active; Passive ________ acts. ________ reports.
Failsafe ________ features protect an IDPS from being circumvented or defeated by an attacker
Control Strategy A ________ determines how an organization supervises and maintains the configuration of an IDPS
Threshold A ________ is a value that sets the limit between normal and abnormal behavior
Blacklist A ________ is a list of discrete entities, such as hosts, that have been associated with malicious activity
Code viewing and editing ________ is an IDPS technology that permits administrators to see some or all of the detection-related code
Port scanners ________ are tools used by both attackers and defenders to identify the computers that are active on a network
Blackbox There is a class of vulnerability scanners called ________
False reject rate The ________ is the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device
False accept rate The ________ is the percentage of identification instances in which unauthorized users are allowed access to systems as a result of failure in the biometric device
Crossover error rate The ________ is the level at which the number of false rejections equals the false acceptances
Created by: mgolf