Chapter 10 Terms
Security+ SY0-501 7th Edition Terms (Chapter 10)
Question | Answer |
---|---|
administrative control | A control implemented through administrative policies or procedures. |
cable lock | A physical security deterrent used to protect a computer. |
cold aisles | Server room aisles that blow cold air from the floor. |
compensating controls | Gap controls that fill in the coverage between other types of vulnerability mitigation techniques. (Where there are holes in coverage, we compensate for them.) |
control | Processes or actions used to respond to situations or events. |
control types | Technical, physical, or administrative measures in place to assist with resource management. |
data disposal | Getting rid of/destroying media no longer needed. |
detective control | Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator). |
dumpster diving | Looking through trash for clues—often in the form of paper scraps—to find users’ passwords and other pertinent information. |
Faraday cage | An electrically conductive wire mesh or other conductor woven into a “cage” that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls. |
fire suppression | The act of stopping a fire and preventing it from spreading. |
hoax | Typically, an email message warning of something that isn’t true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus. |
hot aisles | Server room aisles that remove hot air. |
impersonation | Pretending to be another person to gain information. |
information classification | The process of determining what information is accessible, to what parties, and for what purposes. |
mantrap | A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access. |
PASS method | The correct method of extinguishing a fire with an extinguisher: Pull, Aim, Squeeze, and Sweep. |
perimeter security | Security set up on the outside of the network or server to protect it. |
Personal Identity Verification (PIV) | Card required of federal employees and contractors to gain access (physical and logical) to government resources. |
personally identifiable information (PII) | Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver’s license number, fingerprints, and handwriting. |
phishing | A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email. |
physical controls | Controls and countermeasures of a tangible nature intended to minimize intrusions. |
preventive controls | Controls intended to prevent attacks or intrusions. |
privacy | A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved. |
privacy filters | Screens that restrict viewing of monitors to only those sitting in front of them. |
PTZ | Cameras that can pan, tilt, and zoom. |
restricted information | Information that isn’t made available to all and to which access is granted based on some criteria. |
shoulder surfing | Watching someone when they enter their username, password, or sensitive data. |
social engineering | An attack that uses others by deceiving them. It does not directly target hardware or software, but instead it targets and manipulates people. |
spear phishing | A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party. |
tailgating | Following someone through an entry point. |
technical controls | Controls that rely on technology. |
vishing | Combining phishing with Voice over IP (VoIP). |
watering hole attack | Identifying a site that is visited by those being targeted, poisoning that site, and then waiting for the results. |
wetware | Another term for social engineering. |
whaling | Phishing only large accounts. |