Chapter 7

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Black-box Testing

A method of security testing that isn't based directly on knowledge of a program's architecture.

Hardening

A process of changing hardware and software configurations to make computers and devices as secure as possible.

Vulnerability Testing

A process of finding the weaknesses in a system and determining which places may be attack points.

Operating System Fingerprinting

A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version is running on a computer.

Stateful matching

A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.

Penetration Testing

A testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it.

Zone Transfer

A unique query of a DNS server that asks it for the contents of its zone.

Clipping Level

A value used in security monitoring that tells the security operations personnel to ignore activity that falls below a stated value.

Covert Act

An act carried out in secrecy.

Overt Act

An act carried out in the open or easily viewed by others.

Anomaly-based IDS

An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

Pattern / Signature Based IDS

An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.

Real-Time Monitoring

Analysis of activity as it is happening.

Mitigation Activities

Any activities designed to reduce the severity of a vulnerability or remove it altogether.

False Negative

Incorrectly identifying abnormal activity as normal.

False Positive

Incorrectly identifying normal activity as abnormal.

White-box Testing

Security testing that is based on knowledge of the application's design and source code.

Gray-box Testing

Security testing that is based on limited knowledge of an application's design.

(SIEM) Security Information and Event Management System

Software and devices that assist in collecting, storing, and analyzing the contents of log files.

Reconnaissance

The process of gathering information.

Benchmark

The standard by which your computer or device is compared to determine if it's securely configured.

Hardened Configuration

The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

Network Mapping

Using tools to determine the layout and services running on an organization's systems and networks.


Ensembles d'études connexes

Political Science Test One Chapter 2

View Set

MGMT 490: Chapter 1 - Learnsmart, Activity and Quiz Questions

View Set

Hinkle PrepU Chapter 36: Management of Patients With Immune Deficiency Disorders

View Set

Select whether the dispute is verbal, factual, or some combination of the two. If verbal, select whether the dispute arises from vagueness or ambiguity.

View Set

Chapter 11: Enlightenment: Science and the New Learning

View Set

AZ-103-Exam-Dumps-AZ-103-Braindumps-AZ-103-VCE-AZ-103-PDF-Exam-Questions: from www.passleader.com

View Set

CompTIA Security+; Ch 2: Exploring Control Types and Methods

View Set

Chapter 3: Tax Formula and Tax Determination; An Overview of Property Transactions

View Set