ITSY 1300 EXAM 2
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
What is meant by authorizing official (AO)?
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
What is meant by certification?
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
Which individual or team is responsible for performing the security test and evaluation of the system and for preparing the report for the AO on the risk of operating the system?
________ is the process of managing changes to computer/device configuration or application software.
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Clean desk/clear screen policy.
The process of managing the baseline settings of a system device is called _______.
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is _______.
Emergency operations group
Which of the following is the definition of a guideline?
A recommendation on whether to purchase, or how to use, a product or system.
Which of the following is the definition of anomaly-based IDS?
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
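The definition above describes the mechanism only in one sentence. The following is an added example (not part of the ITSY 1300 study set) of a minimal anomaly-based IDS in Python: it builds a per-user profile of normal activity from a training window of log lines, then compares live events against that stored profile and raises an alert on a never-seen source host or on a request volume far above the learned mean. The log format, hosts, user names and the 3-sigma threshold are all constructed for the example.

```python
# Added example, not from the study set: a toy anomaly-based IDS.
# Profile = per-user set of usual source hosts plus mean/stdev of requests per hour.
import statistics
from collections import defaultdict

# Constructed sample logs: "<hour> <user> <source_host> <requests_in_that_hour>"
TRAINING_LOG = """\
08 alice 10.0.0.5 12
09 alice 10.0.0.5 15
10 alice 10.0.0.5 11
11 alice 10.0.0.5 14
08 bob 10.0.0.7 3
09 bob 10.0.0.7 4
10 bob 10.0.0.7 2
11 bob 10.0.0.7 5
"""

LIVE_LOG = """\
12 alice 10.0.0.5 13
13 alice 10.0.0.5 90
14 bob 203.0.113.9 4
"""


def parse(log: str):
    """Turn the whitespace-separated log lines into (hour, user, host, count) tuples."""
    events = []
    for line in log.splitlines():
        hour, user, host, n = line.split()
        events.append((int(hour), user, host, int(n)))
    return events


def build_profile(events):
    """Learn the stored profile of normal (expected) activity from training events."""
    hosts = defaultdict(set)
    counts = defaultdict(list)
    for _, user, host, n in events:
        hosts[user].add(host)
        counts[user].append(n)
    profile = {}
    for user, c in counts.items():
        profile[user] = {
            "hosts": hosts[user],
            "mean": statistics.mean(c),
            "stdev": statistics.pstdev(c),  # population stdev of hourly counts
        }
    return profile


def detect(events, profile, z_threshold: float = 3.0):
    """Compare each live event with the profile; return (hour, user, reason) alerts."""
    alerts = []
    for hour, user, host, n in events:
        p = profile.get(user)
        if p is None:
            alerts.append((hour, user, "unknown user"))
            continue
        if host not in p["hosts"]:
            alerts.append((hour, user, f"new source host {host}"))
        # z-score of the hourly count against the learned distribution;
        # a constant training series gives stdev 0, so fall back to 1.0
        spread = p["stdev"] or 1.0
        z = (n - p["mean"]) / spread
        if z > z_threshold:
            alerts.append((hour, user, f"request volume {n} is {z:.1f} sigma above normal"))
    return alerts


def run_demo():
    """Train on TRAINING_LOG, then evaluate LIVE_LOG; returns the alert list."""
    profile = build_profile(parse(TRAINING_LOG))
    return detect(parse(LIVE_LOG), profile)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Note the trade-off this makes visible: the profile is only as good as the training window, so an attacker who is already active while the baseline is learned becomes "normal", and a legitimate user working from a new location trips the host check (a false positive). Signature-based detection has neither problem but cannot catch activity it has no signature for.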
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ______.
As your organization evolves and as threats mature, it is important to make sure your _______ still meet(s) the risks you face today.
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ______ a review cycle.
It’s essential to match your organization’s required ______ with its security structure.
Security audits help ensure that your rules and ______ are up to date, documented, and subject to change control procedures.
______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
Audits are necessary because of _______.
mandatory regulatory compliance
_______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
The _______ framework defines the scope and contents of three levels of audit reports
Service Organization Control (SOC)
How your organization responds to risk reflects the value it puts on its _______.
A countermeasure, without a corresponding _______, is a solution seeking a problem; you can never justify the cost.
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
Business continuity plan
_______ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
A _______ is a flaw or weakness in a system’s security procedures, design, implementation or internal controls.
_______ refers to the amount of harm a threat can cause by exploiting a vulnerability.
An attacker or event that might exploit a vulnerability is a(n) _______.
A(n) _______ is an intent and method to exploit a vulnerability.
A threat source can be a situation or method that might accidentally trigger a(n) _______.
A(n) _______ is a measurable occurrence that has an impact on the business.
Cryptography accomplishes four security goals: confidentiality, integrity, authentication and _______.
Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication and _______.
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
Asymmetric key cryptography
The number of possible keys to a cipher is a _______.
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
The most scrutinized cipher in history is the _______.
Data Encryption Standard (DES)
_______ is a one-way calculation of information that yields a result usually much smaller than the original message.
A _______ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
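The three cards above (the number of possible keys to a cipher, trying every possible key without knowledge of it, and the fixed-shift substitution cipher with Z wrapping to A) fit together in one added example, which is not part of the study set. The Python below implements the shift cipher, then performs an exhaustive key search over its whole keyspace of 26 shifts. To pick the right candidate automatically it uses a small constructed word list as the "does this look like English" check; on real text a practitioner would score candidates by letter frequency instead, but the word list keeps the example deterministic. The plaintext and word list are made up for the example.

```python
# Added example, not from the study set: shift cipher plus exhaustive key search.
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = len(ALPHABET)  # 26 possible shifts; shift 0 leaves the text unchanged

# Constructed recognizer: a tiny word list standing in for a real dictionary
# or a letter-frequency test (assumption for the example).
KNOWN_WORDS = {"ATTACK", "AT", "DAWN", "THE", "AND", "MEET", "ME"}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift each A-Z letter forward by key positions, wrapping Z back to A.
    Lowercase is uppercased first; spaces and punctuation pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % KEYSPACE])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key (the shift runs backwards)."""
    return shift_encrypt(ciphertext, -key)


def looks_like_english(text: str) -> int:
    """Score a candidate plaintext by how many of its words are in KNOWN_WORDS."""
    return sum(1 for word in text.split() if word in KNOWN_WORDS)


def brute_force(ciphertext: str):
    """Exhaustive key search: the attacker knows the cipher but not the key,
    so every key in the keyspace is tried and the candidates are scored.
    Returns (best_key, best_plaintext, all_candidates)."""
    candidates = [(k, shift_decrypt(ciphertext, k)) for k in range(KEYSPACE)]
    best_key, best_plain = max(candidates, key=lambda kp: looks_like_english(kp[1]))
    return best_key, best_plain, candidates


if __name__ == "__main__":
    ct = shift_encrypt("Attack at dawn", 3)
    print("ciphertext:", ct)
    key, pt, cands = brute_force(ct)
    print(f"tried {len(cands)} keys; best key {key} -> {pt}")
```

The point the keyspace card is making: a cipher with 26 keys falls to a loop of 26 iterations, regardless of how clever the substitution is. A modern 128-bit key has 2**128 possible values, which is what puts the same loop out of reach; key length, not secrecy of the algorithm, is what makes exhaustive search infeasible.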
_______ enables you to prevent a party from denying a previous statement or action.
Certain security objectives add value to information systems. _______ provides an exact time when a producer creates or sends information.
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
Which OSI Reference Model layer is responsible for the coding of data?
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
Data Link Layer
Which OSI Reference Model layer creates, maintains and disconnects communications that take place between processes over the network?
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
Data Link Layer
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
Which of the following is the definition of a hub?
A network device that connects network segments, echoing all received traffic to all other ports.
_______ is a suite of protocols designed to connect sites securely using IP networks.
Internet Protocol Security (IPSec)
_______ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask and other essential communication information, simplifying the network administrator’s job.
Dynamic Host Configuration Protocol (DHCP)
Network _______ is gathering information about a network for use in a future attack.