Term
While most attacks take advantage of vulnerabilities that someone has already
uncovered ,a______________ occurs when an attacker discovers and exploits a previously unkown flaw. |
|
Definition
|
|
Term
| What involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire? |
|
Definition
|
|
Term
| What is Children's Online Privacy Protection Act(COPPA)? |
|
Definition
| It requires operators of online services ,or web sites designed for children under the age of 13 to obtain parental consent prior to the collect, use, disclosure, or display of a child's personal information |
|
|
Term
| What kind of virus can alter how they appear to avoid detection? |
|
Definition
|
|
Term
| What involves horizontally separating words, although still readable by the human eye? |
|
Definition
|
|
Term
What has a means of managing and presenting computer resources by funtion
without regard to their physical layout or location? |
|
Definition
|
|
Term
| The goal of ASLR(Address Space Layout Randomization)is what? |
|
Definition
| To make it harder to predict where the operating system functionality resides in memory. |
|
|
Term
|
Definition
Instead of the Web Server asking the user for the same information each time she vists that site, the server can store that user-specific information in a file on the user's local computer and then retrieve it later
or
Cookie Monsters Favorite food |
|
|
Term
| What represents a specific way of implementing __________and are sometimes called ________application? |
|
Definition
|
|
Term
| What is responsible for incoming mail? |
|
Definition
| Post Office Protocol(POP3) |
|
|
Term
| Which is a server program operated by the person or organization that wants to share the file? |
|
Definition
|
|
Term
| What is an entry in the Domain Name System(DNS) that identifies the mail server responible for handling that domain name? |
|
Definition
| The MX (mail exchange)record |
|
|
Term
| What allows the administrator to configure the switch to redirect traffic that occurs on some or all ports to a designated monitoring port on the switch |
|
Definition
|
|
Term
| With wireless CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)the amount of time that a device must wait after the medium is clear is? |
|
Definition
|
|
Term
| What makes a copy of the transmission before sending it to the recipient |
|
Definition
|
|
Term
| How can Dns poisoning be prevented by using the latest editions of DNS software |
|
Definition
|
|
Term
| In order for a hosting using TCp/Ip on an Ethernet network to find the MAC address of another deviceit uaes______? |
|
Definition
| Address Resolution Protocol (ARP) |
|
|
Term
| At regular intervals (normally every 100 microseconds)a wireless AP sends a beacon frame to annouce its presence and to provide the necessary information for devices that want to join the network this iss called what? |
|
Definition
|
|
Term
| Using subnetting, networks can essentiallybe divided into three parts what are they? |
|
Definition
| Networks, subnet, and host |
|
|
Term
| What does NAC(Network Access Control) do? |
|
Definition
| Examines the current state of a system or network device before it is allowed to connect to the network. |
|
|
Term
|
Definition
| Is to prevent computers with sub-optimal security from potentially infecting other computers through the network. |
|
|
Term
| What does Host Intrusion Detection Systems(HIDS) purpose? |
|
Definition
| Is a software-basedsystem that attempts to monitor and possibly prevents attempts to attack a local system |
|
|
Term
| What monitors Internet traffic and blocks access to preselected Web sites and files |
|
Definition
|
|
Term
| information security a loss can be ________ |
|
Definition
|
|
Term
| What is Port Address Translation(PAT) |
|
Definition
| Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number |
|
|
Term
| According to the FBI Computer Crime and Security Survey, the loss of data of respondents was approximately what number? (Page 93) |
|
Definition
|
|
Term
| What act is designed to broaden the surveillance of law enforcement agences to detect and suppress terroism?(page 14) |
|
Definition
|
|
Term
| According to a research group, over what fraction of daily email messages are unsolicited and could be carring a malicious payload. (Page 15) |
|
Definition
|
|
Term
| What is a program advertised as preforming one activity but actually does something else?(Page 44) |
|
Definition
|
|
Term
| One type of virtualization in which an entire operating system environment is simulated is known as what? (Page 59) |
|
Definition
| Operating System Virtualization |
|
|
Term
| What typically involes using clients-side scripts written in Java Script that are designed to extract information from the victim and then pass the information to the attacker(Page 93) |
|
Definition
| Cross Site Scripting(XSS) |
|
|
Term
| What is a process of ensuring that any inputs are "clean"and will not corrupt the system? (Page 93) |
|
Definition
|
|
Term
| What are active Internet connections that down load a specfic file that is available through a tracker.(Page 99) |
|
Definition
|
|
Term
| What wireless CSMA/CA, the amount of time that a device must wait after the medium is clear is called what? (Page 128) |
|
Definition
|
|
Term
| The most common type of antenna for war driving is an omnidirectional antenna, also known as what?(Page 139) |
|
Definition
|
|
Term
| What is the name given to a wireless technology that uses short-range RF transmission? (Page 139) |
|
Definition
|
|
Term
| What is the unauthorized access of information from a wireless device through a bluetooth connection? (Page 141)Blue Jacking |
|
Definition
|
|
Term
| Using__________, networks can essentially be divided into three parts: networks, subnet, and host.(Page 155) |
|
Definition
|
|
Term
| What kind of IP addresses are not assigned to any specific users or organization;Instead ,they can be used by any user on the private Internal network.(Page 162) |
|
Definition
|
|
Term
| _________ packet filtering keeps a record of the state of a connection between an internal computer and an external server and then makes decision based on the connection as well as the rule base.(Page 167) |
|
Definition
|
|
Term
| What kind of honeypots are complex to deploy and capture extensive information.These are used primarily by research, military, and government organizations.(Page170) |
|
Definition
|
|
Term
| What is an instruction that interrupts the programs being executed and request a service from the operating system.(Page 172) |
|
Definition
|
|
Term
| What works to protect the entire network and all devices that are connected to it?(Page173) |
|
Definition
| Network Intrusion Prevention System |
|
|
Term
| What can fully decode application layer network protocols.Once these protocols are decoded,the different parts of the protocols can be analyzed for any suspicious behavior.(Page 315) |
|
Definition
|
|
Term
| What is an industry standard protocol specification that fowards user name and password information to a centralized server.(Page280) |
|
Definition
| Terminal Access Control Acess Control System (TACACS) |
|
|
Term
| What is sometimes called X>500 Lite, and also a subset of DAP?(Page281) |
|
Definition
| Lightweight Directory Access Protocol(LDAP) |
|
|
Term
| What refers to any combination of hardware and software that enables accessw to remote users to a local internal network.(Page284) |
|
Definition
| Remote Access Services(RAS) |
|
|
Term
| What is the end of the tunnel between VPN devices.(Page285) |
|
Definition
|
|
Term
| What generally denotes a potential nerative impact to an asset.(Page304) |
|
Definition
|
|
Term
| What model cam dynamically assign roles to subject based on a set of rules defined by a custodian.(Page232) |
|
Definition
| Rule Based Access Control (RBAC) |
|
|
Term
| In the earrly 1980's, the IEEE began work on developing computer network architecture standards, this work is calles whay?(Page191) |
|
Definition
|
|
Term
| What was designed to ensure that only authorizaed parties can view transmittes wireless information?(Page 193) |
|
Definition
| Wired Equivalent Privacy(WEP) |
|
|
Term
| The plain text to be transmitted has a CRC value calculated,which is a checksum based on the contents of the text.WEP calls this __________ and appeals it to the end of the text. |
|
Definition
| Integrity Check Value (ICV) |
|
|
Term
| In order to address growing wireless security concerns, in October 2003, the WI-FI Alliance introduced what?(Page203) |
|
Definition
| Wifi Protcted Access(WPA) |
|
|
Term
| Regarding access control,waht is a specific resources, such as a file or a hardware devic.(Page228) |
|
Definition
|
|
Term
| What is a practice that requires taht if the fraudulent application of a process could potentially result in a breech of security,then the process should be divided between two or more indivduals(Page233) |
|
Definition
|
|
Term
| The principle of __________in access control means that each user should be given only the minimal amount of priviledges necessary to preform his or her job funtion.(Page233) |
|
Definition
|
|
Term
| What is the verification of the credentials to ensure that they are genuine and not fabricated(Page267) |
|
Definition
|
|
Term
| What is the presention of credentials or identication typically preformed when logging on to a system (Page 267) |
|
Definition
|
|
Term
| Who grants premission for admittance(Page267) |
|
Definition
|
|
Term
| What is the most common type of OTP (Page268) |
|
Definition
|
|
Term
What is a decentralized open sources FIM
that does not require specific software to be installed on the desktop.(Page 277) |
|
Definition
|
|
Term
| The International Organization for Standardization(ISO) created a standard for directory srevices known as what (Page 281) |
|
Definition
|
|
Term
| What is a very basic authentication protocol that was used to authentication a user to a remote access server or to an Internetservices provider(ISP) (Page 283) |
|
Definition
| Password Authenication Protocol(PAP) |
|
|
Term
| Known as __________, this in effect takes a snapshot of the security of the organization as it now stands (Page 308) |
|
Definition
|
|
Term
| What is the expected monetary loss eveytime a risk occurs (Page 309) |
|
Definition
| Single Loss Expectancy(SLE) |
|
|
Term
| What kind of risk is spread over all of the members of the pool (Page 311) |
|
Definition
|
|
Term
| Most communication in TCP/TP involves the exchange of information between a program running on one device known as what (Page 312) |
|
Definition
|
|
Term
| TCP/IP uses a numeric value as an identifer to applications and services on the systems. This is known as what (Page 312) |
|
Definition
|
|
Term
| The Windows file and folder ________ premission allows files and folders to be opened as read only and to be copied(Page 335) |
|
Definition
|
|
Term
| What premissions allows the creation of files and folders,and allow data to be added to or removed from files (Page335) |
|
Definition
|
|
Term
| ILM strategies are typically recorded on what kind of policies |
|
Definition
| Storage and Retention Policies |
|
|
Term
| What is the process of generating,transmitting and disposing of computer security log data (Page340) |
|
Definition
|
|
Term
| What logs can be used to determined whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them (Page 342) |
|
Definition
|
|
Term
| What is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server,or even personal digital assistant(PDA) or cell phone (Page349) |
|
Definition
|
|
