MidTermCIS
CIS
120
Computer Science
Graduate
10/07/2015

Cards

Term
If VoIP traffic needs to traverse through a WAN with congestion, you need
Definition
quality of service (QoS)
Term
T/F The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance.
Definition
False
Term
T/F The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is =SLE × ARO.
Definition
False
Term
What is meant by multi-tenancy?
Definition
A database feature that allows different groups of users to access the database without being able to access each other’s data.
Term
Which of the following is the definition of system owner?
Definition
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
Term
A security awareness program includes
Definition
All:
teaching employees about security objectives
motivating users to comply with security policies
informing users about trends and threats in society
Term
T/F System owners are in control of data classification.
Definition
False
Term
Voice and unified communications are ________ applications that use 64-byte IP packets.
Definition
real-time
Term
T/F A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion.
Definition
True
Term
What term is used to describe communication that doesn’t happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices?
Definition
store-and-forward communications
Term
What is meant by promiscuous mode?
Definition
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
Term
The act of transforming clear text data into undecipherable cipher text is the definition of __________.
Definition
encryption
Term
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
Definition
Security gap
Term
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
Definition
data loss
Term
T/F The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
Definition
True
Term
T/F Until the mid-1980s, personal and business communications involved three primary tools: telephone, answering machines and voicemail, and the Internet.
Definition
False
Term
SIP is a ___________ protocol used to support real-time communications.
Definition
signaling
Term
A ________ is a collection of computers connected to one another or to a common connection medium.
Definition
local area network (LAN)
Term
T/F A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
Definition
True
Term
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
Definition
Session Initiation Protocol (SIP)
Term
T/F Authority-level policy is a database feature that allows different groups of users to access the database without being able to access each other’s data.
Definition
False
Term
Which of the following adequately defines continuous authentication?
Definition
An authentication method in which a user is authenticated at multiple times or event intervals.
Term
What is meant by call control?
Definition
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
Term
What is meant by digital subscriber line (DSL)?
Definition
A high-speed digital broadband service that uses copper cabling for Internet access.
Term
What is the Project Management Body of Knowledge (PMBOK)?
Definition
A collection of the knowledge and best practices of the project management profession.
Term
T/F The network security group is responsible for the Internet-to-WAN Domain.
Definition
False
Term
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
Definition
dense wavelength division multiplexing (DWDM)
Term
What is meant by risk register?
Definition
A list of identified risks that results from the risk-identification process.
Term
A method of restricting resource access to specific periods of time is called ________.
Definition
temporal isolation
Term
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
Definition
Brute-force password attack
Term
T/F A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
Definition
True
Term
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Definition
Clean desk/clear screen policy
Term
T/F Many jurisdictions require audits by law.
Definition
True
Term
T/F The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
Definition
False
Term
What is meant by rootkit?
Definition
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
Term
T/F An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
Definition
True
Term
T/F Having too many risks in the risk register is much better than overlooking any severe risk that does occur.
Definition
True
Term
The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
Definition
network interface card (NIC)
Term
What is meant by certification?
Definition
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
Term
Which of the following is the definition of business drivers?
Definition
The collection of components, including people, information, and conditions, that support business objectives.
Term
What is a Security Information and Event Management (SIEM) system?
Definition
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
Term
T/F An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
Definition
True
Term
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
Definition
quantitative risk analysis
Term
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
Definition
training
Term
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
Definition
voice
Term
T/F Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization’s network.
Definition
False
Term
E-commerce changed how businesses sell, and the ________ changed how they market.
Definition
Internet
Term
The ___________ framework defines the scope and contents of three levels of audit reports.
Definition
Service Organization Control (SOC)
Term
T/F Voice and data traffic should be segmented on different backbone links to optimize performance, segment voice, and data traffic on separate GigE or 10GigE fiber-optic trunks.
Definition
True
Term
T/F The International Information Systems Security Certification Consortium (ISC)2, has two certifications: Systems Security Certified Practitioner (SSCP®) and Certified Information Systems Security Professional (CISSP®). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.
Definition
True
Term
________ is an authorization method in which access to resources is decided by the user’s formal status.
Definition
Authority-level policy
Term
T/F Resources are protected objects in a computing system, such as files, computers, or printers.
Definition
True
Term
An organization’s facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
Definition
smart card
Term
T/F The weakest link in the security of an IT infrastructure is the server.
Definition
False
Term
You can use quantitative risk analysis for all risks on the risk register; however, the amount of effort required may be overkill for _____________ risks.
Definition
low probability
low impact
Term
T/F The audit itself sets new policies.
Definition
False
Term
What is meant by application convergence?
Definition
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
Term
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
Definition
LAN-to-WAN Domain
Term
Which of the following defines network mapping?
Definition
Using tools to determine the layout and services running on an organization’s systems and networks.
Term
Malicious software can be hidden in a ________.
Definition
URL link
PDF file
ZIP file
all of the above
Term
________ is the process of managing changes to computer/device configuration or application software.
Definition
Change control
Term
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn’t provide one-time passwords.
Definition
USB token
Term
T/F The process of managing the baseline settings of a system device is the definition of configuration control.
Definition
True
Term
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
Definition
controls
Term
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens’ private data and have proper security controls in place?
Definition
Federal Information Security Management Act (FISMA)
Encryption
Term
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
Definition
Layer 3 switch
Term
Which of the following is the definition of net cat?
Definition
A network utility program that reads from and writes to network connections.
Term
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Definition
Recovery time objective (RTO)
Term
The total number of errors divided by the total number of bits transmitted is the definition of __________.
Definition
bit error rate
Term
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
Definition
asymmetric digital subscriber line (ADSL)
Term
What fills security gaps and software weaknesses?
Definition
Testing and quality assurance
Term
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
Definition
True
Term
What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?
Definition
denial of service (DoS)
Term
For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
Definition
human element
Term
RTO identifies the maximum allowable ________ to recover the function.
Definition
time
Term
T/F Even though 3G networks provided mobile devices with connection capabilities similar to those of wired networks, they still did not use true IP network addressing.
Definition
True
Term
T/F A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
Definition
False
Term
T/F Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.
Definition
True
Term
Which of the following is the definition of pattern-based IDS?
Definition
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
Term
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
Definition
SAS 70
Term
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
Definition
frame relay
Term
When you accept a __________, you take no further steps to resolve.
Definition
negative risk
Term
Which of the following is the definition of cipher text?
Definition
The opposite of clear text. Data sent as cipher text is not visible and not decipherable.
Term
T/F In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
Definition
True
Term
T/F Sprint means one of the small project iterations used in the “agile” method of developing software, in contrast with the usual long project schedules of other ways of developing software.
Definition
True
Term
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
Definition
configurations
Term
T/F Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
Definition
False
Term
________ is an authentication credential that is generally longer and more complex than a password.
Definition
Passphrase
Term
T/F Role-based access control (RBAC) means limiting users’ access to database views, as opposed to allowing users to access data in database tables directly.
Definition
False
Term
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
Definition
DRP
Term
T/F An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days.
Definition
False
Term
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
Definition
VoIP
Term
The primary difference between SOC 2 and SOC 3 reports is ________.
Definition
Their audience
Term
T/F Initiating changes to avoid expected problems is the definition of proactive change management.
Definition
True
Term
Which of the following is an accurate description of cloud computing?
Definition
The practice of using computing services that are delivered over a network.
Term
T/F Synchronous token means a device used as a logon authenticator for remote users of a network.
Definition
True
Term
_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
Definition
separation of duties
Term
T/F The term security kernel database describes a database made up of rules that determine individual users’ access rights.
Definition
True
Term
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
Definition
SYN flood
Term
The process of managing risks starts by identifying __________.
Definition
risks
Term
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
Definition
analog
Term
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
Definition
bit error rate
Term
T/F Mandatory access control (MAC) is a means of restricting access to an object based on the object’s classification and the user’s security clearance.
Definition
True
Term
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site.
Definition
Secure Sockets Layer virtual private network (SSL-VPN)
Term
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
Definition
operating system (OS)
Term
A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business’s viability.
Definition
business continuity plan (BCP)
Term
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
Definition
operating system fingerprinting
Term
T/F SOC 3 reports are intended for public consumption.
Definition
True
Term
Which of the following is the definition of access control?
Definition
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
Term
The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.
Definition
data classification standard
Term
T/F The term clipping level refers to a value used in security monitoring that tells controls to ignore activity that falls below a stated value.
Definition
True
Term
A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
Definition
cracker
Term
A ___________ is a tool used to scan IP host devices for open ports that have been enabled.
Definition
port scanner
Term
__________ tests interrupt the primary data center and transfer processing capability to an alternate site.
Definition
Full-interruption
Term
War dialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
Definition
false
Term
An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.
Definition
secure shell (SSH)