Term
|
Definition
____ is the process of determining what rights and privileges a particular entity has. |
|
|
Term
|
Definition
____ is the process of determining and assigning privileges to various resources, objects, or data. |
|
|
Term
|
Definition
____ is the process of determining who to hold responsible for a particular activity or event, such as a logon. |
|
|
Term
|
Definition
____ is the process of tracking and recording system activities and resource access. |
|
|
Term
|
Definition
The principle of ____ dictates that users and software should only have the minimal level of access that is necessary for them to perform their duties. |
|
|
Term
|
Definition
____ is used to allow privileges only when needed, and then revoke them as soon as the user finishes the task or the need has passed. |
|
|
Term
|
Definition
____ is the goal of ensuring that data remains associated with the party that creates it or sends a transmission with that data. |
|
|
Term
|
Definition
Information security seeks to address three specific principles: confidentiality, integrity, and availability. This is called the ____. |
|
|
Term
|
Definition
____ is the fundamental principle of keeping information and communications private and protecting them from unauthorized access. |
|
|
Term
|
Definition
____ is the property of keeping organizational information accurate, free of errors, and without unauthorized modifications. |
|
|
Term
|
Definition
____ is the fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data that they need. |
|
|
Term
|
Definition
A _____ is any condition that leaves a system open to attack. |
|
|
Term
|
Definition
An ____ is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so. |
|
|
Term
|
Definition
____ is a concept that indicates exposure to the chance of damage or loss. It signifies the likelihood of a hazard or threat occurring. |
|
|
Term
|
Definition
_____ is any type of network or data access that is not explicitly approved by an organization. |
|
|
Term
|
Definition
____ is a type of attack in which an attacker uses unauthorized access to obtain protected network information. |
|
|
Term
|
Definition
____ is a device or program that monitors network communications and captures data. |
|
|
Term
|
Definition
A ____ is a hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. |
|
|
Term
|
Definition
A ____ is a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. |
|
|
Term
|
Definition
A ____ is a security setting that determines the level of access a user or group account has to a particular resource. Permissions can be associated with a variety of resources, such as files, printers, shared folders, and |
|
|
Term
|
Definition
A ____ is a centralized account management feature available for Active Directory on Windows Server systems. |
|
|
Term
|
Definition
____ is the method of uniquely validating a particular entity or individual's credentials. |
|
|
Term
|
Definition
A ____ is a password that meets the complexity requirements that are set by a system administrator and documented in a security policy or password policy. |
|
|
Term
|
Definition
____ are physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information. |
|
|
Term
|
Definition
_____ are authentication schemes based on an individual's physical characteristics. This system can involve a fingerprint scanner, a retinal scanner, a hand geometry scanner, or voice-recognition and facial-recognition software. |
|
|
Term
|
Definition
____ are a common example of token-based authentication. A smart card is a plastic card containing an embedded computer chip that can store different types of electronic information. |
|
|
Term
Multi-factor authentication |
|
Definition
_____ is any authentication scheme that requires validation of at least two of the possible authentication factors. |
|
|
Term
|
Definition
_____ is a mechanism in which a single user authentication provides access to all the systems or applications where the user has permission. |
|
|
Term
Extensible Authentication Protocol (EAP) |
|
Definition
____ is a protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication. It is a centralized authentication protocol, is often used with EAP. |
|
|
Term
|
Definition
____ is an authentication service that is based on a time-sensitive ticket-granting system. |
|
|
Term
Open system authentication |
|
Definition
____ is a form of authentication in which names and passwords are not used. This is the default for APs and stations. It enables a station to connect to any wireless AP that has open system authentication enabled, even if the SSID is hidden from the station. |
|
|
Term
Shared-key authentication |
|
Definition
The ____ method verifies the identity of a station by using a WEP key. Both the station and the AP must be configured to use data encryption and the same WEP key. |
|
|
Term
|
Definition
____ is a cryptographic technique that converts data from plain, or cleartext, form into coded, or ciphertext, form. Only authorized parties with the necessary decryption information can decode and read the data. |
|
|
Term
|
Definition
____ is the science of hiding information. |
|
|
Term
|
Definition
A ____ is a specific set of actions used to encrypt data. |
|
|
Term
|
Definition
In shared-key, or _____, encryption systems, the same key is used both to encode and to decode the message. The secret key must be communicated securely between the two parties involved in the communication. |
|
|
Term
|
Definition
In key-pair, or ______, encryption systems, each party has two keys: a public key, which anyone can obtain, and a private key, known only to the individual. Anyone can use the public key to encrypt data; only the holder of the associated private key can decrypt it. |
|
|
Term
|
Definition
A ____ is an electronic document that associates credentials with a public key. Both users and devices can hold certificates. The certificate validates the certificate holder’s identity and is also a way to distribute the holder’s public key. |
|
|
Term
Secure Sockets Layer (SSL) |
|
Definition
_____ is a security protocol that combines digital certificates for authentication with public key data encryption. It is a server-driven process; any web client that supports it, including all current web browsers, can connect securely to an SSL-enabled server. |
|
|
Term
Transport Layer Security (TLS) |
|
Definition
____ is a security protocol that protects sensitive communication from eavesdropping and tampering. It does this by using a secure, encrypted, and authenticated channel over a TCP/IP connection. |
|
|
Term
|
Definition
____ is very similar to SSL, but the two protocols are incompatible with each other. |
|
|