ITSY 1300 EXAM 2

What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
Agile development
What is meant by authorizing official (AO)?
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
Baseline
What is meant by certification?
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
Certifier
________ is the process of managing changes to computer/device configuration or application software.
Change control
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Clean desk/clear screen policy
The process of managing the baseline settings of a system device is called _______.
Configuration control
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is _______.
Emergency operations group
Which of the following is the definition of guideline?
A recommendation to purchase or how to use a product or system.
Which of the following is the definition of anomaly-based IDS?
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ______.
Standards
As your organization evolves and as threats mature, it is important to make sure your _______ still meet(s) the risks you face today.
Controls
One of the best ways to avoid wasting your organization’s resources is to ensure that you follow the ______ review cycle.
Security
It’s essential to match your organization’s required ______ with its security structure.
Permission level
Security audits help ensure that your rules and ______ are up to date, documented, and subject to change control procedures.
Configurations
______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
An audit
Audits are necessary because of _______.
potential liability
negligence
mandatory regulatory compliance
_______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
SAS 70
The _______ framework defines the scope and contents of three levels of audit reports.
Service Organization Control (SOC)
How your organization responds to risk reflects the value it puts on its _______.
Assets
A countermeasure, without a corresponding _______, is a solution seeking a problem; you can never justify the cost.
Risk
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
Business continuity plan
_______ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
Risk
A _______ is a flaw or weakness in a system’s security procedures, design, implementation or internal controls.
Vulnerability
_______ refers to the amount of harm a threat can cause by exploiting a vulnerability.
Impact
An attacker or event that might exploit a vulnerability is a(n) _______.
Threat source
A(n) _______ is an intent and method to exploit a vulnerability.
Threat source
A threat source can be a situation or method that might accidentally trigger a(n) _______.
Vulnerability
A(n) _______ is a measurable occurrence that has an impact on the business.
Event
Cryptography accomplishes four security goals: confidentiality, integrity, authentication and _______.
Nonrepudiation
Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication and _______.
Confidentiality
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
Asymmetric key cryptography
The number of possible keys to a cipher is a _______.
Keyspace
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
Brute-force attack
The most scrutinized cipher in history is the _______.
Data Encryption Standard (DES)
_______ is a one-way calculation of information that yields a result usually much smaller than the original message.
Checksum
A _______ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
Caesar cipher
_______ enables you to prevent a party from denying a previous statement or action.
Nonrepudiation
Certain security objectives add value to information systems. _______ provides an exact time when a producer creates or sends information.
Timestamping
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
Application Layer
Which OSI Reference Model layer is responsible for the coding of data?
Presentation Layer
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
Data Link Layer
Which OSI Reference Model layer creates, maintains and disconnects communications that take place between processes over the network?
Session Layer
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
Data Link Layer
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
Physical Layer
Which of the following is the definition of hub?
A network device that connects network segments, echoing all received traffic to all other ports.
_______ is a suite of protocols designed to connect sites securely using IP networks.
Internet Protocol Security (IPSec)
_______ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask and other essential communication information, simplifying the network administrator’s job.
Dynamic Host Configuration Protocol (DHCP)
Network _______ is gathering information about a network for use in a future attack.
Reconnaissance