Security Plus sy0-501D

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

passive response

A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.

implicit deny

A condition that states that unless otherwise given, the permission will be denied

demilitarized zone (DMZ)

A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.

honeynet

A network that functions in the same manner as a honeypot

Secure Sockets Layer (SSL)

A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer

HSM (hardware security module)

A software or appliance stand-alone used to enhance security and commonly used with PKI systems

analyzer

The component or process that analyzes the data collected by the sensor.

false negative

An event that should be flagged but isn't

data loss prevention (DLP)

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

network access control (NAC)

The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.

intrusion detection system (IDS)

Tools that identify attacks using defined rules or logic and are considered passive. An IDS can be network based or hosts based.

intrusion prevention system (IPS)

Tools that respond to attacks using defied rules or logic and are considered active. An IPS can be network based or host based.

active response

a response generated in real time

risk acceptance

a strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen

SLA

service level agreement - an agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA

firewall

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.

application-level proxy

A device or software that recognizes application-specific commands and offers granular control over them.

honeypot

A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.

stateful packet inspection (SPI)

A firewall that not only examines each packet but also remembers the recent previous packets.

false positive

A flagged event that isn't really an event and has been falsely triggered.

appliance

A freestanding device that operates in a largely self-contained manner.

clustering

A method of balancing loads and providing fault tolerance.

proxy firewall

A proxy server that also acts as a firewall, blocking network access from external networks.

Internet Protocol Security (IPSec)

A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.

signature-based system

A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.

intrusion prevention system (IPS)

A system that monitors the network for possible intrusions and logs that activity and then blocks the traffic that is suspected of being an attack.

intrusion detection system (IDS)

A system that monitors the network for possible intrusions and logs that activity.

access control list (ACL)

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network

proxy server

A type of server that makes a single Internet connection and services requests on behalf of many users.

proxy

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

host-based IDS (HIDS)

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

network intrusion prevention system (NIPS)

An intrusion prevention system that is net-work based.

personally identifiable information (PII)

Any information that could identify a particular individual.

load balancing

Dividing a load for greater efficiency of management among multiple devices.

stateful inspection

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every comunications channel

SIEM

Security information and event management software combines security information management (SIM) and security event management (SEM) functions to provide real-time analysis of security alerts.

access point (AP)

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point

BPA

business partners agreement - an agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.

EF

exposure factor - the potential percentage of loss to an asset if a threat is realized

compensating controls

gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them).

MTD

maximum tolerable downtime - the maximum period of time that a business process can be down before the survival of the organization is at risk.

MTBF

mean time between failures - The measurement of the anticipated lifetime of a system or component

MTTF

mean time to failure - the measurement of the average of how long it takes a system or component to fail

MTTR

mean time to restore - the measurement of how long it takes to repair a system or component once a failure occurs.

MOU/MOA

most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.

anomalies

variations from normal operations

information security management system (ISMS)

A broad term that applies to a wide range of systems used to manage information security.

Encapsulating Security Payload (ESP)

An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

Authentication Header (AH)

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and t provide protection against replays.

SSID broadcast

An access point's broadcasting of the network name

anomaly-detection IDS (AD-IDS_

An anomaly-detection intrusion detection system works by looking for deviation from a pattern of normal network traffic

all-in-one appliance

An appliance that performs multiple functions

network-based IDS (NIDS)

An approach to an intrusion detection system (IDS); it attaches the system to a point i the network where it can monitor and report on all network traffic.

software-defined network (SDN)

The entire network, including all security devices, is virtualized.

key management

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement

vulnerability

a flaw weakness in some part of a system's security procedures, design, implementation, or internal controls that cold expose it to danger (accidental or intentional) and result in a violation of the security policy

alarm

a notification that an unusual condition exists and should be investigated

SPOF

a single weakness that is capable of bringing an entire system down

risk avoidance

a strategy of dealing with risk in which it is decided tat he best approach is to avoid the risk

risk deterrence

a strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk

risk mitigation

a strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.

risk transference

a strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility

acceptable use policy/rules of behavior

agreed-upon principles set forth by a company to govern how the employees of that company may use resource such a computers and internet access.

BIA

business impact analysis - a study of the possible impact if a disruption to a business' vital resources were to occur.

risk assessment

an evaluation of the possibility of a threat or vulnerability existing. an assessment must be performed before any other actions - such as how much to spend on security in terms of dollars and manpower - can be decided.

alert

an indication that a unusual condition could exist and should be investigated.

ALE

annual loss expectancy - a calculation used to identify risks and calculate the expected loss each year

ARO

annualized rate of occurrence - a calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5 or .2

AV (managing risk)

asset value - the assessed value of an item (server, property, and so on) associated with cash flow.

ISA

interconnection security agreement - as defined by NIST (in Publication 800-47), it is "an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations."

RPO

recovery point objective - the point last known good data prior to an outage that is used to recover systems.

RTO

recovery time objective - the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable.

RAID

redundant array of independent disks - a configuration of multiple hard disks used to provide fault tolerance should a disk fail. different levels of RAID exist

switch

switches break up collision domains, while routers (and VLANs) break up collision domains and broadcast domains. Also, a broadcast domain can contain multiple collision domains, but a collision domain can never have more than one broadcast domain associated with it.

SLE

the cost of a single loss when it occurs. this loss can be a critical failure, or it can be the result of an attack

risk

the probability that a particular threat will occur, either accidentally or intentionally, including both leaving a system vulnerable and its impact.

risk calculation

the process of calculating the risks that exist in terms of costs, number, frequency, and so forth

encapsulation

the process of enclosing data in a packet


संबंधित स्टडी सेट्स

Chapter 5- System Software: The Operating System, Utility Programs, and File Management

View Set

Psychology Chapter 12 Extra Notes

View Set

Pharmacology PAWS Post Acute Withdrawal Symptoms

View Set

3. Describe how each of the following inflamed tensions in Europe: nationalism, militarism, alliances, and imperialism. Do you think that war could have been avoided in 1914?

View Set

Preguntas Personales y Respuestas (Personal Questions & Answers) #1-10

View Set

CompTIA IT Fundamentals FC0-U51; File Extensions

View Set

Electric Forces and Fields, Electrical Potential Energy, Electric Current and Resistance

View Set