Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Winters Exam 2
| Term | Definition |
|---|---|
| Policy | A ________ is a plan that conveys instructions from an organization's senior management to those who make decisions |
| Standards | ________ are more detailed statements of what must be done to comply with policy |
| Mission | The ________ of an organization is a written statement of an organization's purpose |
| Vision | The ________ of an organization is a written statement about the organization's goals |
| Enterprise Information Security Policy (EISP) | A/n ________ is known as a general security policy |
| Issue Specific Security Policy (ISSP) | The ________ instructs employees on the proper use of technology and processes |
| Access Control Lists | ________ consist of the use of access lists, matrices, and capacity tables that govern the rights and privileges of users. |
| System Specific Policy (SSP) | ________ often function as standards or procedures to be used when configuring or maintaining system |
| Security Blueprint | The ________ is the basis for the design, selection, and implementation of all security program elements. |
| Defense in Depth | The layered approach to security is ________ |
| Security Perimeter | A/n ________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world |
| Firewall | A/n ________ is a device that selectively discriminates against information flowing into or out of the organization |
| Demilitarized Zone | A buffer against outside attacks is considered a/n ________ |
| Proxy | A/n ________ server performs services on behalf of another system |
| SETA - Security, Education, Training, and Awareness | The ________ program is a control measure designed to reduce the incidences of accidental security breach by employees |
| Incident Response | A/n ________ plan addresses the identification, classification, response, and recovery from an incident |
| Disaster Recovery | A/n ________ plan addresses the preparation from and recovery from a disaster |
| Business Continuity | A/n ________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs |
| Identification | Risk ________ is the examination and documentation of the security posture of an organization and the risk it faces |
| Assessment | Risk ________ is the determination of the extent to which the organization's information assets are exposed or at risk |
| Control | Risk ________ is the application of controls to reduce the risk |
| Risk | Each threat must be examined to assess the potential to endanger an organization. This examination is known as a ________ assessment. |
| Vulnerabilities | ________ are specific avenues that threat agents can exploit to attack an asset. |
| Likelihood | ________ is the probability that a specific vulnerability will be the object of a successful attack |
| Residual | ________ risk is the risk that remains even after the application of controls |
| Policies | ________ are documents that specify an organization's approach to security. |
| Cost Benefit | The analysis used to evaluate the worth of the information asset to be protected and the loss in value if those assets are compromised is ________ analysis |
| Benefit | ________ is the value that an organization realizes by using controls to prevent loss |
| Asset Valuation | ________ is the process of assigning financial value to each information asset |
| Single Loss Expectancy | A ________ is the calculation of the value associated with the most likely loss from an attack |
| Annualized Rate of Occurence | The ________ is how often you expect a specific type of attack to occur |
| Annualized Loss Expectancy | The ________ is the overall loss potential per risk |
| Benchmarking | ________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate |
| Standard of Due Care | The ________ is the concept that an organization has done what any prudent organization would do in similar circumstances |
| Due Diligence | ________ is the demonstration that the organization is diligent in ensuring that they implemented standards continue to provide the required level of protection |
| Risk Appetite | ________ defines the amount of risk an organization is willing to accept. |
| Mandatory Access Controls | ________ give users and data owners limited control over access to information |
| Role-Based Controls | ________ are tied to the role a user performs in an organization |
| Task-Based Controls | ________ are tied to the assignment of responsibility of the user |
| Identification | ________ is the process of mapping a supplicant to an entity within the security domain |
| Auditability | Another word for accountability is ________ |
| Firewall | A/n ________ is an information security program that prevents specific types of information from moving between the outside world and the inside world |
| Packet-Filtering | A/n ________ firewall examines the header information of data packets |
| Stateful Inspection | ________ firewalls keep track of each network connection between internal and external systems using a state table |
| Application | A/n ________ firewall is also known as a proxy server |
| Circuit Gateway | The ________ firewall operates at the transport layer |
| MAC layer | The ________ firewall allows it to consider the specific host computer's identity |
| Packet-Filtering | First generation firewall are ________ firewalls |
| Application-Level | Second generation firewall are ________ firewalls |
| Stateful Inspection | Third generation firewall are ________ firewalls |
| Dynamic Packet-Filtering | Fourth generation firewall are ________ firewalls |
| Kernel Proxy | Fifth generation firewall include ________ firewalls |
| Screened Host | ________ firewalls combine a packet-filtering router with an application proxy server |
| Dual-Homed Host | With ________ firewalls the bastion host contains two NICs. One for the external and one for the inside network |
| Rules | Firewall ________ operate on the principle of "that which is not permitted is prohibited" |
| Content Filter | A/n ________ is a software filter that allows administrators to restrict access within a network |
| VPN | A/n ________ is used to securely extend an organization's internal network connections to remote locations |
| Transport | In ________ mode, the data within an IP packet is encrypted but not the header information |
| Tunnel | In ________ mode, the entire client packet is encrypted |
| Intrusion | A/n ________ occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system |
| Intrusion Detection System | A/n ________ works like a burglar alarm to detect an attempt to break into your computer system |
| Intrusion Prevention System | A/n ________ can detect an intrusion and prevent that intrusion |
| Attack Alarm | An indication that a system has just been attacked or is under attack |
| False Negative | The failure of an IDPS to react to an actual attack event is considered a/n ________ |
| False Positive | An alert that occurs in the absense of an actual attack is a/n ________ |
| False Attack Stimulus | An event that triggers an alarm when no actual attack is in progress is a/n ________ |
| Tuning | The process of adjusting an IDPS to maximize its efficiency is called ________ |
| Confidence Value | The measure of an IDPS's ability to correctly detect and identify attacks is a/n ________ |
| Alarm Filtering | The process of classifying IDPS alerts so they can be effectively managed is ________ |
| Alarm Clustering | The process of grouping almost identical alarms that happen at close to the same time is ________ |
| Footprinting | ________ are activities that gather information about the organization about its network activities and assets |
| Fingerprinting | ________ are activities that scan network locales for active systems and identify network services offered by the host systems |
| Network-based IDPS | An ________ IDPS resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that segment |
| Application | In ________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use |
| Host-based IDPS | A ________ IDPS resides on a particular computer or server, known as the host, and monitors activity only on that system |
| System integrity verifiers | HIDPSs are also known as ________ |
| Signature-based IDPS | A/n ________ IDPS examines network traffic in search of patterns that match known signatures |
| Statistical anomaly-based IDPS | The ________ IDPS collects statistical summaries by observing traffic that known to be normal |
| Stateful protocol analysis | The ________ protocol analysis is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations |
| Deep packet | ________ inspection examines packets at the application layer for information that indicates a possible intrusion |
| Log file monitor | A/n ________ IDPS reviews the log files look for patterns and signatures that may indicate that an attack or intrusion is in process or has already occurred |
| Centralized | In a/n ________ IDPS control strategy, all IDPS control functions are implemented and managed in a central locations |
| Fully distributed | In a/n ________ IDPS control strategy, all control functions are applied at the physical location of each IDPS component |
| Partially distributed | In a/n ________ IDPS controls strategy individual agents can still analyze and respond to local threats and report to a hierarchical central facility to detect widespread attacks |
| Honeypots | ________ are decoy systems designed to lure potential attackers away from critical systems |
| Padded | A/n ________ cell is a honeypot that has been protected so it cannot be easily compromised |
| Trap-and-trace | ________ applications use a combination of techniques to detect an intrusion and then trace it back to its source |
| Port scanners | ________ are tools used by both attackers and defenders to identify the computer that are active on a network, as well as, the ports and services active on those computers |
| Active vulnerability | ________ scanners scan networks for highly detailed information |
| Vulnerability | ________ scanners are used to find and document holes in a system |
| Passive vulnerability | A/n ________ scanner is one that listens in on the network and determines vulnerable versions of both server and client software |
| Packet sniffer | A/n ________ is a network tool that collects copies of packets from the network and analyzes them |
| Biometric access control | ________ is based on the use of some measurable human characteristic |
| Minutiae | ________ are unique points of reference that are digitized and stored in an encryped format when the user's system access credentials are created |
| Entry into or disrupt the normal operations | An intrusion occurs when an attacker attempts to gain ________ or ________ an information system, almost always with the intent to do harm. |
| Intrusion prevention | ________ consists of activities that deter an intrustion. |
| Intrusion detection | ________ consists of procedures and systems that identify system intrusions |
| Intrusion reaction | ________ encompasses the actions an organization takes when an intrusion is detexted |
| Intrusion correction | ________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again-thus reinitiating intrusion prevention |
| Intrusion detection systems | ________ became commercially available in the late 1990s |
| IDPS alerts and alarms | ________ take the form of audible signals, email messages, pager notifications, or pop-up windows |
| Evasion | ________ is the process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS |
| Noise | ________ is/are alarm events that are accurate and noteworthy but that do not pose significant threats to information security |
| Site policy | ________ is/are the rules and configuration guidelines governing the implementation and operation of IDPSs within the organization |
| Site policy awareness | ________ is an IDPS's ability to dynamically modify its configuration in response to environmental activity |
| True attack stimulus | ________ is an event that triggers alarms and causes an IDPS to react as if a real attack is in progress |
| Hub | Now outdated technology, a ________ receives traffic from one node and retransmit it to all other nodes |
| Protocol Stack | The elements of these protocols (IP, TCP, UDP, and application layers such as HTTP) are combined in a complete set called the |
| Application Protocol Verification | In ________, the higher-order protocols are examined for unexpected packet behavior |
| Wireless IDPS | A ________ monitors and analyzes wireless network traffic, looking for potential problems with the wireless protocol |
| Physical security | ________ is an issue associated with the implementation of wireless IDPSs concerning many wireless sensors are located in public areas |
| Sensor range | ________ is an issue associated with the implementation of wireless IDPSs concerning a wireless device's reach can be affected by atmospheric conditions |
| Access point and wireless switch locations | ________ is an issue associated with the implementation of wireless IDPSs concerning wireless components with bundled IDPS capabilities must be carefully deployed |
| Wired network connections | ________ is an issue associated with the implementation of wireless IDPSs concerning how these components work independently of the wired network when sending and receiving between stations |
| Cost | ________ is an issue because the more sensors deployed, the more expensive the configuration |
| Wireless IDPSs | ________ are unable to detect certain passive wireless protocol attacks, in which the attacker monitors network traffic without active scanning or probing |
| Anomaly Detection | NBA systems examine network traffic in order to identify problems related to the flow of traffic. They use a version of ________ method to identify excessive packet flows |
| Host-based IDPS | ________ resides on a particular computer, known as the host, and monitors activity only on that system |
| HIDPS | -classifies files into various categories -monitor multiple computers simultaneously -provide only a few general levels of alerts |
| Signature-based IDPS | |
| Statistical anomaly-based IDPS | The ________ collects statistical summaries by observing traffic that is known to be normal |
| Clipping level | When the measured activity is outside the baseline parameters, exceeding the ________, the IDPS sends an alert |
| Stateful protocol analysis | ________ is a process of comparing predetermined profiles of generally accepted definitions of benign activity to identify deviations |
| Active; Passive | ________ acts. ________ reports. |
| Failsafe | ________ features protect an IDPS from being circumvented or defeated by an attacker |
| Control Strategy | A ________ determines how an organization supervises and maintains the configuration of an IDPS |
| Threshold | A ________ is a value that sets the limit between normal and abnormal behavior |
| Blacklist | A ________ is a list of discrete entities, such as hosts, that have been associated with malicious activity |
| Code viewing and editing | ________ is an IDPS technology that permits administrators to see some or all of the detection-related code |
| Port scanners | ________ are tools used by both attackers and defenders to identify the computers that are active on a network |
| Blackbox | There is a class of vulnerability scanners called ________ |
| False reject rate | The ________ is the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device |
| False accept rate | The ________ is the percentage of identification instances in which unauthorized users are allowed access to systems as a result of failure in the biometric device |
| Crossover error rate | The ________ is the level at which the number of false rejections equals the false acceptances |
Created by:
mgolf
Popular Computers sets