Chapter 4 Vulnerability Assessment and Mitigating Attacks


| Question | Answer |
|---|---|
| The expected monetary loss that can be expected for an asset due to a risk over a one-year period. | Annualized Loss Expectancy (ALE) |
| The probability that a risk will occur in a particular year. | Annualized Rate of Occurrence (ARO) |
| The process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development. | Architectural design |
| The code that can be executed by unauthorized users in a software program. | Attack surface |
| A comparison of the present state of a system compared to its baseline. | Baseline reporting |
| A test in which the tester has no prior knowledge of the network infrastructure that is being tested. | Black box |
| Presenting the code to multiple reviewers in order to reach agreement about its security. | Code review |
| An analysis of the design of a software program by key personnel from different levels of the project. | Design review |
| The proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage). | Exposure Factor (EF) |
| A control that errs on the side of permissiveness in the event of a failure. | Fail-open |
| A control that errs on the side of security in the event of a failure. | Fail-safe (fail-secure) |
| A test where some limited information has been provided to the tester. | Gray box |
| The process of eliminating as many security risks as possible and making the system more secure. | Hardening |
| A network set up with intentional vulnerabilities. | Honeynet |
| A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files, to trick attackers into revealing their attack techniques. | Honeypot |
| A test by an outsider to actually exploit any weaknesses in systems that are vulnerable. | Penetration testing |
| Software to search a system for any port vulnerabilities. | Port scanner |
| Hardware or software that captures packets to decode and analyze the contents. | Protocol analyzer (sniffer) |
| The expected monetary loss every time a risk occurs. | Single Loss Expectancy (SLE) |
| A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm. | Vulnerability assessment |
| An automated software search through a system for any known security weaknesses that then creates a report of those potential exposures. | Vulnerability scan |
| Generic term for a range of products that look for vulnerabilities in networks or systems. | Vulnerability scanner |
| A test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications. | White box |
| Sending a packet with every option set on for whatever protocol is in use to observe how a host responds. | Xmas Tree port scan |


   

Created by: 1592245141