40 Cards in this Set
- Front
- Back
Risk, as it applies to IT, is associated with
|
-People
-Practices
-Processes
|
|
Another name for the Information Security Triad is
|
CIA triad
|
|
What represents keeping an organization's information accurate, without error, and without unauthorized modification?
|
Integrity
|
|
Security principle that limits access to information to the minimum necessary
|
Least privilege
|
|
Limitation of access based on rules provided through the ID of the entity attempting to access an object
|
Access Control Services
|
|
Division of tasks between different people to complete a business process or work function.
|
SOD - Segregation of Duties
|
|
Process of determining & assigning privileges to various resources, objects, and data.
|
Access Control
|
|
Access controls sufficient to maintain the CIA triad
|
-Detective
-Corrective
-Preventative
|
|
Access Control Service that determines capabilities of a subject when accessing the object.
|
Authorization
|
|
Access control type covers personnel security, monitoring, user & password management, and permissions management.
|
Administrative
|
|
Restricting access to objects based on sensitivity of the information contained in the objects is:
|
MAC
|
|
Which nondiscretionary access control technique limits a subject's access to objects by examining the object's data so that the subject's access rights can be determined?
|
Content dependent
|
|
Which one or more methods are used to authenticate identity?
|
-Something you have
-Something you know
-Something you are
|
|
An auth. factor using passwords and password variants
|
Something you know
|
|
An auth. factor using a personal attribute such as fingerprints.
|
Something you are.
|
|
An auth. factor using a physical device such as a magnetic strip
|
Something you have.
|
|
Which auth. method is necessary to safeguard systems and facilities in high-security environments?
|
Strong two-factor authentication
|
|
Though single sign on (SSO) can be convenient, what is a potential security problem?
|
It can allow an unauthenticated user access to all systems.
|
|
Which access control administration method involves distributing the process to localized parts of the enterprise?
|
Centralized.
|
|
What is the simplest way to attack an access control system?
|
Capture a user ID and steal a password.
|
|
Limits or eliminates a user's ability to access the network and/or data
|
Denial of Service (DoS)
|
|
Programs such as malware, spyware, viruses, and worms that may cause system failures or malfunctions.
|
Malicious software
|
|
Protocol analyzer used to capture user IDs and passwords.
|
Sniffer
|
|
Information left on media after erasures or deletions.
|
Remnants.
|
|
Reclaiming information from media thought to be erased.
|
Object reuse.
|
|
A set of predefined words from a dictionary to crack a password.
|
Dictionary attack.
|
|
Accessing a program or operating system through a hidden entry point.
|
Trapdoor
|
|
Attempting to access a system by trying every possible combination of a password or a PIN.
|
Brute Force.
|
|
Passing electrons through a wire or over the radio to leak protected information.
|
Emanation.
|
|
Accessing a program or operating system through a hidden entry point placed in programs to allow programmers to repair problems.
|
Backdoor
|
|
Attack where the attacker pretends to be someone else to hide his/her actual identity.
|
Spoofing.
|
|
A signature file contains profiles of known threats in a:
|
Intrusion Detection System
|
|
Controlled use of attack methods to test security of a system or facility
|
Penetration testing
|
|
Penetration test process phase that includes gaining more detailed information about the selected target
|
Enumeration
|
|
What does war dialing do?
|
Locates and attempts to penetrate wireless systems.
|
|
Another name for the Information Security triad is
|
The CIA triad
|
|
This represents the property of keeping an organization's information accurate, without error, and without unauthorized modification
|
Integrity
|
|
Describe Least Privilege
|
Security principle that limits access to information to the minimum necessary
|
|
Describe Access Control Services
|
Limitation of access based on rules provided through the ID of the entity attempting to access an object.
|