CISSP Study
Domain 1 - Security and Risk Management
| Question | Answer |
|---|---|
| Acronym meaning: CIA | Confidentiality, Integrity, & Availability (Careful not to fall for the AIC trick, as it's sometimes referred to) |
| Acronym meaning: IAAA | Identification, Authentication, Authorization, & Accountability |
| Ensures reliability and timely access to data and resources to authorized individuals. | Availability |
| Upheld when the assurance of the accuracy and reliability of information systems is provided and any unauthorized modification is prevented. | Integrity |
| Ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. | Confidentiality |
| All of the following provide? Redundant Array of Independent Disks (RAID), Clustering, Load Balancing, Redundant data & power lines, Software & data backups, Disk shadowing, Co-location & offsite facilities, Rollback functions, & Failover configs. | Availability |
| All of the following provide? Hashing (data integrity), Configuration MGMT (System Integrity), Change control (Process Integrity), Access Control (Physical & Technical), Software Digital Signing, & Xmission CRC functions | Integrity |
| All of the following provide? Encryption for DAR (Whole disk & DB), Encryption for DIT (IPSec, TLS, PPTP, SSH), & Access Control (Physical & Technical) | Confidentiality |
| A weakness in a system that allows a threat source to compromise its security? | Vulnerability |
| Any potential danger that is associated with the exploitation of a vulnerability? | Threat |
| If the threat is that someone will identify a specific vulnerability and use it against the company or individual, then the entity that takes advantage of a vulnerability is referred to as? | Threat Agent |
| The likelihood of a threat source exploiting a vulnerability and the corresponding business impact is referred to as? | Risk |
| An instance of being exposed to losses is? | Exposure |
| These are put in place to mitigate (reduce) the potential risk? | Control, Countermeasure, or Safeguard (These terms are interchangeable) |
| A threat agent gives rise to? | Threat |
| A threat exploits? | Vulnerability |
| Vulnerability leads to? | Risk |
| Risk can damage an? | Asset |
| Asset damage can cause an? | Exposure |
| An exposure can be counter measured by a? | Safeguard |
| What are the three (3) control types? | Administrative, Technical, & Physical |