Term
Involves changing data before, or as, it is entered into the computer
Definition

Term
What is a system called that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
Definition

Term
To communicate management's intentions with regard to information security
Definition
Corporate Security Policy

Term
Advanced Research Projects Agency Network (ARPANET), Department of Defense Research Projects Agency Network (DARPANET), Defense Data Network (DDN), or DoD Internets is referred to as
Definition

Term
Located right behind your first Internet firewall
Definition

Term
Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals?
Definition
Synchronous Communication

Term
What is a TFTP server most useful for?
Definition
Transferring configurations to and from network devices.

Term
Refers to the data left on the media after the media has been erased
Definition

Term
When should a post-mortem review meeting be held after an intrusion has been properly taken care of?
Definition
Within the first week of completing the investigation of the intrusion.

Term
The air goes out of a room when a door is opened, and outside air does not go into the room.
Definition

Term
A prolonged power supply that is below normal voltage is a:
Definition

Term
Within the CEH curriculum there are 4 tenets on which security rests. What are those 4 tenets?
Definition
Confidentiality, Integrity, Availability, Authenticity

Term
A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall?
Definition

Term
What is a difference between a Quantitative Risk Analysis and a Qualitative Risk Analysis?
Definition
Quantitative analysis provides formal cost/benefit analysis and qualitative does not.

Term
An attribute in one relation that has values matching the primary key in another relation?
Definition

Term
Represents the number of columns in a table
Definition

Term
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
Definition

Term
Used for key agreement (key distribution) and cannot be used to encrypt and decrypt messages.
Definition

Term
A function that takes a variable-length string (a message) and compresses and transforms it into a fixed-length value referred to as a hash value. It provides integrity, but no confidentiality, availability or authentication.
Definition

Term
The Orange Book requires protection against two types of covert channels. What are they?
Definition

Term
A communications path that enables a process to transmit information in a way that violates the system's security policy.
Definition

Term
A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a resource (for example, sectors on a disk) that is shared by two subjects at different security levels.
Definition

Term
A covert channel in which one process modulates its system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.
Definition

Term
Frequently referred to as the Orange Book, it is the centerpiece of the DoD Rainbow Series publications.
Definition

Term
Replaced with the development of the Common Criteria international standard originally published in 2005.
Definition

Term
Its three primary goals are data processing continuity planning, data recovery plan maintenance, and testing the disaster recovery plan.
Definition
Business impact assessment

Term
A chunk of data, or sequence of commands, that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software.
Definition

Term
It has multiple network interfaces, each connected to separate networks.
Definition

Term
High-level statements, beliefs, goals and objectives and the general means for their attainment for a specific subject area
Definition

Term
Are mandatory activities, actions, rules or regulations designed to provide policies with the support structure and specific direction they require to be effective.
Definition

Term
Are more general statements of how to achieve the policy's objectives by providing a framework within which to implement procedures.
Definition

Term
Spell out the specific steps of how the policy, supporting standards, and guidelines will be implemented.
Definition

Term
Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank?
Definition
SET (Secure Electronic Transaction)

Term
An administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Definition

Term
Which Orange Book evaluation level is described as "Labeled Security Protection"?
Definition

Term
Which Orange Book security rating introduces security labels?
Definition

Term
Which kind of evidence would printed business records, manuals and printouts classify as?
Definition

Term
What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
Definition

Term
The TCP/IP layer that provides for reliable end-to-end communications, ensures the data's error-free delivery, handles the data's packet sequencing, and maintains the data's integrity. It is comparable to the transport layer of the OSI model.
Definition
Host-to-host transport layer

Term
At what layer of the OSI/ISO model does the Point-to-Point Tunneling Protocol (PPTP) work?
Definition

Term
Which approach to a security program makes sure that the people actually responsible for protecting the company's assets are driving the program?
Definition

Term
The verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of automated processes to repeat tests previously undertaken.
Definition

Term
The set of allowable values that an attribute can take.
Definition

Term
An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate.
Definition

Term
A domain of trust that shares a single security policy and single management.
Definition

Term
An agreement between two companies with similar equipment and processing needs that provides an inexpensive alternative to other off-site facilities.
Definition
