CTC 362 Midterm #1


Layer 3 switch

A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.

User Datagram Protocol (UDP)

A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ________.

temporal isolation

A method of restricting resource access to specific periods of time is called ________.

DRP

A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.

packet sniffer

A protocol analyzer or ____________ is a software program that enables a computer to monitor and capture network traffic.

teaching employees about security objectives; motivating users to comply with security policies; informing users about trends and threats in society

A security awareness program includes ________.

Adware

A software program that collects information about Internet usage and uses it to present targeted advertisements to users is the definition of ________.

Operating System (OS)

A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.

Business Continuity Plan (BCP)

A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

Business Impact Analysis (BIA)

A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption.

Attack

An attempt to exploit a vulnerability of a computer or network component is the definition of ________.

Security Controls

An authentication method in which a user is authenticated at multiple times or event intervals.

secure shell (SSH)

An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.

Smart Card

An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.

script kiddie

Another type of attacker is called a ________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing.

risk management

Any organization that is serious about security will view ___________ as an ongoing process.

reactive change management

Enacting changes in response to reported problems is called ________.

A system that puts access control into the hands of people, such as department managers, who are closest to system users; there is no one centralized entity to process access requests in this system.

How is decentralized access control defined?

Quality of Service (QoS)

If VoIP traffic needs to traverse through a WAN with congestion, you need ___________.

mobile devices

Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure.

traffic prioritization

Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays.

Social Engineering

One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.

probability

Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.

Signaling

SIP is a ___________ protocol used to support real-time communications.

security kernel

The ____________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems.

identifying; tracking previously identified; analyzing

The formal process of monitoring and controlling risk focuses on _____________ new risks.

Quantitative Risk Analysis

The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.

configuration control

The process of managing the baseline settings of a system device is called ________.

Confidentiality

The requirement to keep information private or secret is the definition of __________.

bit error rate

The total number of errors divided by the total number of bits transmitted is the definition of __________.

USB Token

This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.

Testing and quality assurance

What fills security gaps and software weaknesses?

The technical evaluation of a system to provide assurance that you have implemented the system correctly.

What is meant by certification?

A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.

What is meant by firewall?

A database feature that allows different groups of users to access the database without being able to access each other's data.

What is meant by multi-tenancy?

An attack that seeks to obtain personal or private financial information through domain spoofing.

What is meant by pharming?

The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.

What is meant by promiscuous mode?

A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

What is meant by rootkit?

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.

What is meant by standard?

Baseline

What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?

Power Over Ethernet (PoE)

What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?

security event log

When an information security breach occurs in your organization, a __________ helps determine what happened to the system and when.

A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.

Which of the following best describes quantitative risk analysis?

The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.

Which of the following is the definition of access control?

iris scans

Which of these biometric authentication methods is not as accurate as the rest?

wireless access point (WAP)

With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _____________.

low probability, low impact

You can use quantitative risk analysis for all risks on the risk register; however, the amount of effort required may be overkill for _____________ risks.

risk-response

Your _________ plan shows that you have examined risks to your organization and have developed plans to address each risk.

Passphrase

________ is an authentication credential that is generally longer and more complex than a password.

Authority-level policy

________ is an authorization method in which access to resources is decided by the user's formal status.

