32 Cards in this Set
What are the seven phases of the system development life cycle?
|
determine requirements; systems analysis; system design; programming; testing; production & maintenance; and disposal & reuse
|
|
What is certification & accreditation (C&A)?
|
a formal two-step process: certification is the technical evaluation of a system's security controls against its requirements, and accreditation is management's formal decision to accept the system, and its residual risk, for operation
|
|
Who usually performs certification of a system?
|
a third party: a certifier or a Certification Authority (CA; in this context a certifying organization, not a PKI certificate authority)
|
|
Who usually performs accreditation?
|
management or a Designated Approving Authority (DAA)
|
|
What is the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP)?
|
the certification & accreditation process defined by the DoD for its own information systems (since superseded by DIACAP and then the DoD Risk Management Framework)
|
|
What is the National Information Assurance Certification and Accreditation Process (NIACAP)?
|
the certification & accreditation process (NSTISSI No. 1000) for national security systems in government organizations outside the DoD
|
|
What are the two types of security-related policies?
|
employee policies and security policies
|
|
What is the security mode of operation?
|
the description of how a system controls access to and processing of classified information, defined by the users' clearances, formal access approvals (NDAs) and need-to-know relative to everything stored on the system
|
|
What are the four security modes of operation?
|
dedicated mode; system high mode; compartmented/partitioned mode; and multilevel mode
|
|
What is the dedicated security mode of operation?
|
a system intended solely for one type or classification of information
|
|
What do users need to access a dedicated-mode system?
|
clearance, a signed NDA (formal access approval), and need-to-know for all information on the system
|
|
What do users need to access a system high-mode system?
|
clearance and a signed NDA for all information on the system; need-to-know is required only for the data each user actually works with
|
|
What do users need to access a compartmented system?
|
clearance for the most classified information on the system, plus an NDA and need-to-know for the specific compartments they access
|
|
What do users need to access a partitioned-mode system?
|
clearance for the most classified information
|
|
What do users need to access a multilevel-mode system?
|
clearance, a signed NDA, and need-to-know only for the specific data they access; since not every user is cleared for everything on the system, the system itself must enforce the separation (e.g. via mandatory access control labels)
|
|
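The access rules in the cards above, as an added worked example that is not part of the flashcard set. It uses the standard clearance / formal access approval (NDA) / need-to-know model and shows what each mode guarantees system-wide versus what must be checked per object. The classification ordering, the `Label`/`Subject` types, the compartment-based need-to-know simplification and the sample users are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed classification ordering for this example, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Classification of one object: its level plus the compartments it belongs to."""
    level: str
    compartments: frozenset = frozenset()


@dataclass(frozen=True)
class Subject:
    """A user: clearance level, compartments covered by a signed NDA (formal access
    approval), and compartments for which a need-to-know has been established."""
    clearance: str
    approvals: frozenset = frozenset()
    need_to_know: frozenset = frozenset()


def cleared(s: Subject, lab: Label) -> bool:
    """Clearance dominates the object's classification level."""
    return LEVELS[s.clearance] >= LEVELS[lab.level]


def approved(s: Subject, lab: Label) -> bool:
    """The subject has signed an NDA covering every compartment of the object."""
    return lab.compartments <= s.approvals


def has_need_to_know(s: Subject, lab: Label) -> bool:
    """Simplification for the example: need-to-know is tracked per compartment."""
    return lab.compartments <= s.need_to_know


# Conditions that EVERY user must satisfy for EVERY object on the system before
# being allowed on the system at all. Per-object access always needs all three;
# the modes differ only in how much of that is guaranteed system-wide.
SYSTEM_WIDE = {
    "dedicated": (cleared, approved, has_need_to_know),
    "system high": (cleared, approved),
    "compartmented": (cleared,),
    "partitioned": (cleared,),   # treated like compartmented in this example
    "multilevel": (),            # nothing system-wide: the system enforces per object
}


def may_log_on(mode: str, objects: dict, s: Subject) -> bool:
    """Does the subject meet the mode's system-wide requirements for all objects?"""
    return all(chk(s, lab) for lab in objects.values() for chk in SYSTEM_WIDE[mode])


def may_access(mode: str, objects: dict, s: Subject, name: str) -> bool:
    """Access to one object: admitted to the system, and all three conditions hold."""
    if not may_log_on(mode, objects, s):
        return False
    lab = objects[name]
    return cleared(s, lab) and approved(s, lab) and has_need_to_know(s, lab)


# Constructed sample data.
OBJECTS = {
    "plan": Label("TOP SECRET", frozenset({"CRYPTO"})),
    "memo": Label("SECRET"),
}
ALICE = Subject("TOP SECRET", frozenset({"CRYPTO"}), frozenset({"CRYPTO"}))
BOB = Subject("TOP SECRET")     # cleared for everything, but no NDA for CRYPTO
CAROL = Subject("SECRET")       # not cleared for the TOP SECRET plan


if __name__ == "__main__":
    for mode in SYSTEM_WIDE:
        for who, s in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
            print(mode, who,
                  "logon:", may_log_on(mode, OBJECTS, s),
                  "plan:", may_access(mode, OBJECTS, s, "plan"),
                  "memo:", may_access(mode, OBJECTS, s, "memo"))
```

Running it shows the practical difference: Bob (cleared but without an NDA for the CRYPTO compartment) is refused entirely on a dedicated or system-high machine, is admitted on a compartmented one, and on a multilevel system is admitted and then denied the plan object by the per-object check, which is exactly the enforcement the multilevel system itself has to get right.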
What is a roadmap?
|
a blueprint designed to meet the specific security needs of a company
|
|
What are the three types of NAT?
|
static, dynamic, and overloading (port address translation, PAT)
|
|
What is static NAT?
|
a one-to-one mapping in which each internal host is always translated to the same dedicated external IP address, so unsolicited inbound traffic to that address also reaches the host
|
|
What is dynamic NAT?
|
a mapping in which an internal host is given the first free address from a pool of external addresses for the duration of its session; when the pool is exhausted, further hosts cannot be translated
|
|
What is an overloading NAT?
|
a many-to-one mapping (PAT) in which multiple internal hosts share one external IP address at the same time, each connection being distinguished by a unique translated source port
|
|
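The three NAT strategies from the cards above, as an added worked example that is not part of the flashcard set. The `NatTable` class, its method names and the documentation-range addresses are constructed for illustration; it models only the translation table, not packet rewriting. Beyond the definitions, it shows two behaviours a practitioner should know: dynamic NAT fails when the pool is exhausted, and only static NAT lets unsolicited inbound packets reach an internal host.

```python
from itertools import count


class NatTable:
    """Outbound translation (private ip, port) -> (public ip, port) under one of the
    three NAT strategies, plus the reverse lookup an inbound packet would need."""

    def __init__(self, mode, public_ips, static_map=None):
        assert mode in ("static", "dynamic", "overloading")
        self.mode = mode
        self.static_map = dict(static_map or {})  # static: private ip -> public ip
        self.free = list(public_ips)              # dynamic: unused public addresses
        self.shared_ip = public_ips[0]            # overloading: the one shared address
        self.next_port = count(1024)              # overloading: translated source ports
        self.bindings = {}                        # (priv ip, priv port) -> (pub ip, pub port)

    def translate(self, priv_ip, priv_port):
        """Called for an outbound flow; returns the public tuple or None (dropped)."""
        key = (priv_ip, priv_port)
        if key in self.bindings:
            return self.bindings[key]
        if self.mode == "static":
            pub_ip = self.static_map.get(priv_ip)
            if pub_ip is None:
                return None                       # host has no static mapping
            mapping = (pub_ip, priv_port)
        elif self.mode == "dynamic":
            # A host keeps the pool address it already holds; otherwise take a free one.
            held = next((b[0] for (ip, _), b in self.bindings.items() if ip == priv_ip), None)
            if held is None:
                if not self.free:
                    return None                   # pool exhausted: flow cannot be translated
                held = self.free.pop(0)
            mapping = (held, priv_port)
        else:  # overloading / PAT: same address, unique public port per flow
            mapping = (self.shared_ip, next(self.next_port))
        self.bindings[key] = mapping
        return mapping

    def untranslate(self, pub_ip, pub_port):
        """Inbound direction: which internal (ip, port) does this packet belong to?"""
        for key, b in self.bindings.items():
            if b == (pub_ip, pub_port):
                return key
        if self.mode == "static":
            # Static NAT is bidirectional: unsolicited inbound reaches the mapped host.
            for priv_ip, mapped in self.static_map.items():
                if mapped == pub_ip:
                    return (priv_ip, pub_port)
        return None                               # no binding: unsolicited inbound is dropped


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    pat = NatTable("overloading", ["203.0.113.10"])
    print(pat.translate("10.0.0.5", 40000))       # ('203.0.113.10', 1024)
    print(pat.translate("10.0.0.6", 40000))       # ('203.0.113.10', 1025): same private port, distinct public port
    print(pat.untranslate("203.0.113.10", 1026))  # None: nobody opened this, so it is dropped
```

The reverse lookup is the security-relevant part: with dynamic NAT or PAT an inbound packet that matches no binding has nowhere to go, which is the incidental "firewall" effect people rely on; a statically mapped host gets no such protection and needs real filtering in front of it.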
What five types of filtering can be performed by firewalls?
|
packet filtering; stateful inspection; application gateway; circuit-level gateway; and proxy server
|
|
What two disadvantages do packet-filtering firewalls have?
|
they are vulnerable to spoofing, because each decision rests on header fields (source address, ports, flags) that the sender controls, and their rule sets are difficult to configure correctly
|
|
What disadvantage does an application gateway have?
|
it is extremely processor-intensive, since each connection is terminated and its application-layer payload reassembled and inspected
|
|
What does a circuit-level gateway do?
|
validates the session setup (the TCP handshake, or the first UDP datagram) when a connection is established and thereafter relays the traffic without inspecting the application payload
|
|
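The spoofing weakness of packet filtering, contrasted with stateful inspection, as an added worked example that is not part of the flashcard set. Both filters, the `Packet` type, the protected network range and the sample packets are constructed for illustration. The stateless filter uses the classic "allow inbound if ACK is set" rule for established connections; the stateful one allows inbound traffic only for connections it saw opened from inside.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # constructed: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flag names, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def stateless_filter(pkt: Packet, iface: str) -> bool:
    """Packet filter: every decision is made from this packet's header alone."""
    if iface == "inside":
        return is_internal(pkt.src)              # only our own addresses may leave
    if is_internal(pkt.src):
        return False                             # anti-spoofing: our address arriving from outside
    # The classic 'established' rule: anything with ACK set is presumed to be a reply
    # to a connection we opened. Nothing verifies that such a connection exists.
    return "ACK" in pkt.flags


class StatefulFilter:
    """Stateful inspection: inbound packets are allowed only if they belong to a
    connection that was seen being opened from inside."""

    def __init__(self):
        self.conns = set()                       # (int ip, int port, ext ip, ext port)

    def check(self, pkt: Packet, iface: str) -> bool:
        if iface == "inside":
            if not is_internal(pkt.src):
                return False
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True                      # new outbound connection: record it
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.conns
        if is_internal(pkt.src):
            return False                         # anti-spoofing, as above
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns


# Constructed traffic: a legitimate HTTPS connection, then a spoofed "reply" and a
# packet that claims an internal source address while arriving from outside.
SYN = Packet("10.0.0.5", 40000, "198.51.100.7", 443, frozenset({"SYN"}))
SYN_ACK = Packet("198.51.100.7", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
SPOOFED = Packet("198.51.100.9", 12345, "10.0.0.5", 22, frozenset({"ACK"}))
BAD_SRC = Packet("10.0.0.9", 5555, "10.0.0.5", 22, frozenset({"SYN"}))


def run() -> dict:
    """Decision (stateless, stateful) for each packet, in arrival order."""
    sf = StatefulFilter()
    out = {}
    for name, pkt, iface in (("syn", SYN, "inside"), ("syn_ack", SYN_ACK, "outside"),
                             ("spoofed", SPOOFED, "outside"), ("bad_src", BAD_SRC, "outside")):
        out[name] = (stateless_filter(pkt, iface), sf.check(pkt, iface))
    return out


if __name__ == "__main__":
    for name, (stateless, stateful) in run().items():
        print(name, "stateless:", "pass" if stateless else "drop",
              "stateful:", "pass" if stateful else "drop")
```

The `spoofed` packet is the point of the example: it carries an ACK flag towards port 22 on a host that never opened anything to that source, passes the packet filter (this is how ACK scans map hosts behind stateless ACLs), and is dropped by the stateful filter because no matching connection entry exists.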
What is a bastion host?
|
a hardened, minimally configured host that is deliberately exposed to the untrusted network (at the perimeter or in the DMZ, outside the internal network's protection) and is therefore expected to be attacked
|
|
What is a back-to-back network?
|
a DMZ placed between two firewalls: the outer firewall protects the DMZ from external attack and the inner firewall protects the internal network from the DMZ
|
|
What are the three parts of a service leg DMZ?
|
the external (Internet-facing) network; the internal network; and the protected service-leg DMZ, each on its own interface of a single firewall
|
|
What is the primary disadvantage to a service leg DMZ?
|
it is more vulnerable to a DoS attack, since all traffic between the external network, the internal network and the DMZ passes through a single firewall; there is also no second firewall behind it if it is compromised
|
|
What is configuration management (CM)?
|
the process of identifying, monitoring, and maintaining control of the hardware and software of a system
|
|
Who authorizes all changes when configuration management is in effect?
|
a Configuration Control Board (CCB)
|
|
When assigning value to an asset, what two factors should be considered?
|
the criticality amount and its sensitivity level
|
|
What is a criticality amount?
|
the importance of an asset to an organization
|