Module 4
Emergency operations group
A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
Agile development
A method of developing software that is based on small project iterations, or sprints, instead of long project schedules.
Compliance liaison
A person whose responsibility it is to ensure that employees are aware of and comply with an organization's security policies.
Proactive change management
the act of initiating changes to avoid expected problems
Certification
the technical evaluation of a system to provide assurance that you have implemented it correctly.
Covert act
An act carried out in secrecy.
Service level agreement (SLA)
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Prudent
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
SQL injection
In what type of attack does the attacker send unauthorized commands directly to a database?
False negative
Incorrectly identifying abnormal activity as normal.
Offboarding
Process of managing the way employees leave the organization.
Phishing
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
White-box testing
Security testing that is based on knowledge of the application's design and source code.
Overt act
an act that is open to view
Interconnection security agreement (ISA)
an interoperability agreement, often an extension of an MOU, that documents technical requirements of interconnected assets
Clipping level
A value used in security monitoring that tells the security operations personnel to ignore activity that falls below a stated value
Does the firewall properly block unsolicited network connection attempts?
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Authorizing official (AO)
A designated senior manager who reviews a certification report and makes the decision to approve the system for implementation
SQL injection
A form of web application attack in which a hacker submits SQL (structured query language) expressions to cause authentication bypass, extraction of data, planting of information, or access to a command shell.
Change control committee
A group that oversees all proposed changes to systems and networks.
System life cycle (SLC)
A method used in systems engineering to describe the phases of a system's existence, including design, development, deployment, operation, and disposal
Vulnerability testing
A process of finding the weaknesses in a system and determining which places may be attack points.
Operating system fingerprinting
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version is running on a computer
Waterfall model
A software development model that defines how development activities progress from one distinct phase to the next.
Fuzzing
A software testing method that consists of providing random input to software to see how it handles unexpected data.
Internet Architecture Board (IAB)
A subcommittee of the IETF composed of independent researchers and professionals who have a technical interest in the overall well-being of the Internet
Stateful matching
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
Memorandum of understanding (MOU)
An agreement between two or more parties that expresses areas of common interests that result in shared actions
Blanket purchase agreement (BPA)
An agreement that defines a streamlined method of purchasing supplies or services
Anomaly-based IDS
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Real-time monitoring
Analysis of activity as it is happening.
False positive
Incorrectly identifying normal activity as abnormal.
Sprint
One of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
Gray-box testing
Security testing that is based on limited knowledge of an application's design.
Configuration control
The process of controlling changes to items that have been baselined.
Onboarding
The process that a company uses to integrate new employees into an organization.
Network mapping
Using tools to determine the layout and services running on an organization's systems and networks.
An organization should share its information.
What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?
Baseline
a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products
Service-level agreement
a contractual commitment by a service provider or support organization to its customers or users
Cross-site request forgery (XSRF)
similar to the XSS attack, an attacker provides script code that causes a trusted user who views the input script to send malicious commands to a web server. Exploits the trust a server has in a user
Accreditation
the formal acceptance by the authorizing official of the risk of implementing the system
Secure Sockets Layer (SSL)
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Hardened configuration
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
Black-box testing
A method of security testing that isn't based directly on knowledge of a program's architecture.
Clean desk/clear screen policy
A policy stating that users must never leave sensitive information in plain view on an unattended desk or workstation.
Penetration testing
A testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it.
Zone transfer
A unique query of a DNS server that asks it for the contents of its zone.
False positive error
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
Mitigation activities
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
True
Classification scope determines what data you should classify; classification process determines how you handle classified data. True/False?
Reactive change management
Enacting changes in response to reported problems.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets. True/False?
Change control
The process of managing changes to computer/device configuration or application software.
Standard
a mandated requirement for a hardware or software solution that is used to deal with security risk throughout the organization
Privacy policy
a policy that specifies how your organization collects, uses, and disposes of information about individuals
Guideline
a recommendation for how to use or how to purchase a product or system.
Procedure
a set of step-by-step instructions
Event logs
a software- or application-generated record that some action has occurred.
Functional policy
a statement of an organization's management direction for security in such specific functional areas as email, remote access, and internet surfing.
Job rotation
a strategy to minimize risk by rotating employees between various systems or duties
Pattern- or signature-based IDS
an intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders
Security Information and Event Management system (SIEM)
software and devices that assist in collecting, storing, and analyzing the contents of log files
Remediation
the act of fixing a known risk, threat, or vulnerability that is identified or found in an IT infrastructure
Security administration
the group of individuals responsible for planning, designing, implementing, and monitoring an organization's security plan
Certifier
the individual or team responsible for performing the security test and evaluation.
System owner
the person responsible for the daily operation of the system and for ensuring that the system continues to operate in compliance with conditions set out by the authorizing official
Reconnaissance
the process of gathering information
Benchmark
the standard by which your computer or device is compared to determine if it's securely configured