Security Questions
What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?
$250,000
The expression ___ traverses up one directory level.
../
For a Web server's Linux system, the default root directory is typically ____.
/var/www
A study by Foote Partners showed that security certifications earn employees ___ percent more pay than their uncertified counterparts.
10 to 14
Passive tags have ranges from about 1/3 inch to ___ feet.
19
TCP port ___ is the FTP control port used for passing FTP commands.
21
IP addresses are ___-bit addresses.
32
The SSID can generally be any alphanumeric string from 2 to ___ characters.
32
Most Bluetooth devices use a Class 2 radio range of ___ feet.
33
____ is designed to replace DES.
3DES
In MD5, the length of a message is padded to ___ bits.
512
There are almost ___ different Microsoft Windows file extensions that could contain a virus.
70
According to the FBI, almost ___ percent of crimes committed today leave behind digital evidence that can be retrieved through computer forensics.
75
Approximately ___ percent of households in the US use the Internet for managing their finances.
80
A(n) ___ is a set of permissions that are attached to an object.
ACL
The ____ is a symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.
AES
____ is the encryption protocol for WPA2.
AES-CCMP
____ is the probability that a risk will occur in a particular year.
ALE
A(n) ___ acts as the "base station" for the wireless network.
AP
___ are generally considered to be the most important information security policies.
Acceptable use policies
____ indicates when an account is no longer active.
Account expiration
_____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Adware
Layer 7 of the OSI model is the ___ layer.
Application
____ encryption uses two keys instead of only one and these keys are mathematically related.
Asymmetric
____ can verify the authenticity of the sender and enforce nonrepudiation to prove that the sender is who he claims to be and cannot deny sending it.
Asymmetric encryption
___ learners tend to sit in the middle of the class and learn best through lectures and discussions.
Auditory
____ ensures that the individual is who they claim to be and not an imposter.
Authentication
A ____ typically begins by identifying threats through a risk assessment.
BIA
DNS poisoning can be prevented by using the latest editions of the DNS software known as ___.
BIND
___ is a comparison of the present state of a system compared to its baseline.
Baseline reporting
The algorithm ____ is a block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits.
Blowfish
___ is an attack that sends unsolicited messages to Bluetooth-enabled devices.
Bluejacking
___ is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers.
Bluesnarfing
The IEEE 802.15.1-2005 Wireless Personal Area Network standard was based on the ____ specifications.
Bluetooth v1.2
___ attack is where every possible combination of letters, numbers and characters is used to create encrypted passwords.
Brute force
___ is designed to ensure that an organization can continue to function in the event of a natural or man-made disaster.
Business continuity planning and testing
The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____.
C:\Inetpub\wwwroot
A(n) ___ serves as the trusted third-party agency that is responsible for issuing the digital certificates.
CA
Using video cameras to transmit a signal to a specific and limited set of receivers is called ____.
CCTV
The ___ provides recommended baseline security requirements for the use and operation of CA, RA and other PKI components.
CP
___ is designed to detect any changes in a packet, whether accidental or intentional.
CRC
Microsoft Windows ___ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
CardSpace
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
Cipher locks
In the ___ cloud computing model, the customer has the highest level of control.
Cloud Infrastructure as a Service
In the ___ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure.
Cloud Software as a Service
___ is a pay-per-use computing model in which customers pay only for the computing resources they need.
Cloud computing
___ is related to the perception, thought process and understanding of the user.
Cognitive biometrics
____ uses technology to search for computer evidence of a crime, and can attempt to retrieve information that can be used in the pursuit of the attacker or criminal.
Computer forensics
___ ensures that only authorized parties can view information.
Confidentiality
___ is defined as a security analysis of the transaction within its approved context.
Content inspection
____ are a loose-knit network of attackers, identity thieves and financial fraudsters.
Cybercriminals
The ___ model is the least restrictive.
DAC
Entries in the DIB are arranged in a tree structure called the ____.
DIT
___ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
DLP
Each host runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.
DLP agent
In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____.
DMZ
The ___ is a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number.
DNS
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as ____.
DNS
A ___ can create entries in a log for all queries that are received.
DNS log
The Chinese government uses ___ to prevent Internet content that it considers unfavorable from reaching its citizenry.
DNS poisoning
___ substitutes DNS addresses so that the computer is automatically redirected to another device.
DNS poisoning
Layer 2 of the OSI model is the ___ layer.
Datalink
___ plans typically include procedures to address redundancy and fault tolerance as well as data backups.
Disaster recovery
____ could contain remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer.
Drive file slack
____ is the time it takes for a key to be pressed and then released.
Dwell time
A(n) ____ packet contains a field that indicates the function of the packet and an identifier field used to match requests and responses.
EAP
___ is a framework for transporting authentication protocols instead of the authentication protocol itself.
EAP
____ was first proposed in the mid-1980s and it uses sloping curves.
ECC
____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.
EF
A(n) ___ refers to an undocumented, yet benign, hidden feature that launches by entering a set of special commands, key combinations, or mouse clicks.
Easter Egg
___ can be defined as the study of what a group of people understand to be good and right behavior and how people make judgements.
Ethics
_____ attacks are responsible for half of all malware delivered by Web advertising.
Fake antivirus
A ____ is a metallic enclosure that prevents the entry or escape of an electromagnetic field.
Faraday cage
___ can be used to determine whether new IP addresses are attempting to probe the network.
Firewall logs
___ is an image spam that is divided into multiple layers.
GIF layering
____ uses "speckling" and different colors so that no two spam emails appear to be the same.
Geometric variance
The ___ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley
Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard, whether it be in paper or electronic format.
HIPAA
___ is designed to display data, with the primary focus on how the data looks.
HTML
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
HTTP header
____ can be used to ensure the integrity of a file by guaranteeing that no one has tampered with it.
Hashing
___ is used to relay query messages.
ICMP
___ provides a greater degree of security by implementing port-based authentication.
IEEE 802.1x
____ is using a single authentication credential that is shared across multiple networks.
Identity management
___ involves stealing another person's personal information, such as SIN number, and then using the information to impersonate the victim, generally for financial gain.
Identity theft
___ is the planning, coordination, communications and planning functions that are needed in order to resolve an incident in an efficient manner.
Incident handling
____ can be defined as the "framework" and functions required to enable incident response and incident handling within an organization.
Incident management
____ may be defined as the components required to identify, analyze and contain that incident.
Incident response
___ ensures that the information is correct and no unauthorized person or malicious software has altered that data.
Integrity
____ ensures that information is correct and that no unauthorized person or malicious software has altered the data.
Integrity
One of the most famous ancient cryptographers was ____.
Julius Caesar
___ is an authentication system developed by MIT and is used to verify the identity of networked users.
Kerberos
____ learners learn through a lab environment or other hands-on approaches.
Kinesthetic
The X.500 standard defines a protocol for a client application to access an X.500 directory called ____.
LDAP
___ attacks may allow an attacker to construct LDAP statements based on user input statements.
LDAP injection
___ requires mutual authentication used for WLAN encryption using Cisco client software.
LEAP
____ is a technology that can help to evenly distribute work across a network.
Load balancing
___ can be prewired for electrical power as well as wired network connections.
Locking cabinets
The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion.
Love Bug
____ takes plaintext of any length and creates a hash 128 bits long.
MD2
The most popular attack toolkit, which has almost half of the attacker toolkit market, is ____.
MPack
___ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
Morals
___ is a technique that allows private IP addresses to be used on the public internet.
NAT
Layer 3 of the OSI model is the ___ layer.
Network
Routers operate at the ____ layer.
Network
IP is the protocol that functions primarily at the OSI ____.
Network Layer
___ permits users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site.
OAuth
____ accounts are user accounts that remain active after an employee has left an organization.
Orphaned
___ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.
Outsourcing
____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video, and data, or real-time data transmission such as telephony traffic.
P2P
___ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
PAT
____ is considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server.
PEAP
Bluetooth is a ____ technology designed for data communication over short distances.
Personal Area Network
____ certificates are frequently used to secure email transmissions and typically only require the user's name and email address in order to receive this certificate.
Personal digital
Layer 1 of the OSI model is the ___ layer.
Physical
____ is text that has no formatting (such as bolding or underlining) applied.
Plain text
Layer 6 of the OSI model is the ___ layer.
Presentation
___ IP addresses are IP addresses that are not assigned to any specific user or organization.
Private
____ involves public-key cryptography standards, trust models and key management.
Public key infrastructure
____ attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys as well as to detect eavesdropping.
Quantum cryptography
The primary function of a(n) ___ is to verify the identity of the individual.
RA
___ is suitable for what are called "high-volume service control applications" such as dial-in access to a corporate network.
RADIUS
___ pertains only to the last sector of a file.
RAM slack
ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags.
RFID
The ____ algorithm is the most common asymmetric cryptography algorithm and is the basis for several products.
RSA
The _____ function is a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
Registration Authority
___ provides remote users with the same access and functionality as local users through a VPN or dial-up connection.
Remote access
___ access points are serious threats to network security because they allow attackers to intercept the RF signal and bypass network security to attack the network or capture sensitive data.
Rogue
___ is considered a more "real world" access control than the other models because the access is based on a user's job function within an organization.
Role Based Access Control
___ is often used for managing user access to one or more systems.
Rule Based Access Control
Released in 1995, one of the first tools that was widely used for penetration testing was ____.
SATAN
____ allows clients and the server to negotiate independently encryption, authentication and digital signature methods, in any combination, in both directions.
SHTTP
The ___ is the expected monetary loss every time a risk occurs.
SLE
__ is a language used to view and manipulate data that is stored in a relational database.
SQL
TLS is an extension of ___.
SSL
___ is a protocol developed by Netscape for securely transmitting documents over the internet.
SSL
___ holds the promise of reducing the number of usernames and passwords that users must memorize.
SSO
____ requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.
Separation of duties
____ certificates enable clients connecting to the Web server to examine the identity of the server's owner.
Server digital
Layer 5 of the OSI model is the ___ layer.
Session
___ is an attack in which an attacker attempts to impersonate the user by using his session token.
Session hijacking
___ is when an attacker tricks another user into giving out information or performing a compromising situation.
Social Engineering
___ accepts spoken words for input as if they had been typed on the keyboard.
Speech recognition
___ can use fingerprints or other unique characteristics of a person's face, hands or eyes to authenticate a user.
Standard biometrics
___ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
Stateful packet filtering
In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of a file.
Swiss Cheese
___ can protect the confidentiality of an email message by ensuring that no one has read it.
Symmetric encryption
____ is an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.
TACACS
The most common protocol suite used today for local area networks (LANs) as well as the Internet is ___.
TCP/IP
The ___ is essentially a chip on a motherboard of the computer that provides cryptographic services.
TPM
____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.
Tailgate sensors
Layer 4 of the OSI model is the ___ layer.
Transport
TCP is the main ___ protocol that is responsible for establishing connections and the reliable data transport between devices.
Transport Layer
A ___ is a program advertised as performing one activity but actually does something else.
Trojan
A ___ allows scattered users to be logically grouped together even though they may be attached to different switches.
VLAN
It is possible to segment a network by physical devices grouped into logical units through a(n) ___.
VLAN
A(n) ___ encrypts all data that is transmitted between the remote device and the network.
VPN
____ are a person's fundamental beliefs and principles used to define what is good, right and just.
Values
___ is a form of eavesdropping in which special equipment is used to pick up telecommunication signals or data within a computer device by monitoring the electromagnetic fields.
Van Eck phreaking
___ is a means of managing and presenting computer resources by function without regard to their physical layout or location.
Virtualization
____ learners learn through taking notes, being at the front of the class, and watching presentations.
Visual
____ data is the most difficult type of data to capture.
Volatile
A(n) ___ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site.
Web security gateway
____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations, including the ISO.
Whirlpool
___ allow a single access point to service different types of users.
Wireless VLANS
___ involves horizontally separating words, although it is still readable by the human eye.
Word splitting
___ switches are connected directly to the devices on a network.
Workgroup
___ is for the transport and storage of data, with the focus on what the data is.
XML
A(n) ____ model is a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.
access control
Slave devices that are connected to the piconet and are sending transmissions are known as ___ slaves.
active
A(n) ___ approach is the art of helping an adult learn.
andragogical
When a device receives a beacon frame from an AP, the device then sends a frame known as a(n) ___ frame to the AP.
association request
The basis for a digital signature rests in the ability of ____ keys to work in both directions.
asymmetric
In a(n) ___ cluster, a standby server exists only to take over for another server in the event of its failure.
asymmetric server
The ____ for software is the code that can be executed by unauthorized users.
attack surface
During RADIUS authentication the AP, serving as the authenticator that will accept or reject the wireless device, creates a data packet from this information called the ____.
authentication request
EAP request packets are issued by the ___.
authenticator
A ___ outlines the major security considerations for a system and becomes the starting point for solid security.
baseline
A ___ outlines the major security considerations for a system and becomes the starting point for solid security.
baseline
A ___ virus infects the Master Boot Record of a hard disk drive.
boot
With the ___ model, there is one CA that acts as a "facilitator" to interconnect to all other CAs.
bridge trust
A ___ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.
cable lock
To create a rainbow table, each ___ begins with an initial password that is encrypted.
chain
The ___ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.
chain of custody
Because the impact of changes can potentially affect all users, and uncoordinated changes can result in security vulnerabilities, many organizations create a(n) ____ to oversee the changes.
change management team
The set of letters, symbols and characters that make up the password are known as a ___ set.
character
A(n) ___ policy is designed to produce a standardized framework for classifying information assets.
classification of information
A(n) ___ indicates that no process is listening at this port.
closed port
Multiple sectors are used to make up ____.
cluster
While the code for a program is being written, it is being analyzed by a ____.
code review
It is predicted that ____ could become a key element in authentication in the future.
cognitive biometrics
SNMP agents are protected with a password known as a(n) ___ in order to prevent unauthorized users from taking control over a device.
community string
A(n) ____ virus adds a program to the operating system that is a malicious copycat version of a legitimate program.
companion
If a user typically accesses his bank's Web site from his home computer on nights and weekends, then this information can be used to establish a ____ of typical access.
computer footprint
The ___ response team serves as first responders whenever digital evidence needs to be preserved.
computer forensics
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____.
cybercrime
Business ___ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire.
data
Key ____ removes all private and public keys along with the user's identification information in the CA.
destruction
In a ____ attack, attackers use hundreds of thousands of computers in an attack against a single computer or network.
distributed
The ___ model is the basis for digital certificates issued to Internet users.
distributed trust
A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____.
drive-by-download
A(n) ___ is the end of the tunnel between VPN devices.
endpoint
Key ___ refers to a process in which keys are managed by a third party, such as a trusted CA.
escrow
An ___ is an AP that is set up by an attacker.
evil twin
At the ___ stage of the certificate life cycle, the certificate can no longer be used.
expiration
Windows Live ID was originally designed as a ____ system that would be used by a wide variety of Web servers.
federated identity management
Securing a restricted area by erecting a barrier is called ____.
fencing
A(n) ___ is hardware or software that is designed to prevent malicious packets from entering or leaving computers.
firewall
A ___ is a feature that controls a device's tolerance for unanswered service requests and helps prevent a DoS attack.
flood guard
In the UAC dialog boxes, the color ___ indicates the lowest risk.
gray
A ___ is a collection of suggestions that should be implemented.
guideline
The most basic type of cryptographic algorithm is a ____ algorithm.
hash
In ___, a virtualized environment is created that simulates the CPU and memory of the computer.
heuristic detection
A ___ is a network set up with intentional vulnerabilities.
honeynet
A ___ is a computer typically located in an area with limited security and loaded with software and data files that appear authentic, yet they are actually imitations of real data files.
honeypot
A ___ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment.
hub
The weakness of passwords centers on ____.
human memory
Server virtualization typically relies on the ___, which is software that runs on a physical computer to manage one or more virtual machines.
hypervisor
A user accessing a computer system must present credentials or ____ when logging on to the system.
identification
The term ___ is frequently used to describe the tasks of securing information that is in a digital format.
information security
NTRUEncrypt uses ____ cryptography that relies on a set of points in space.
lattice-based
A ___ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
logic bomb
Broadcast storms can be prevented with ___.
loop protection
A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks.
macro
An information security ___ position focuses on the administration and management of plans, policies, and people.
manager
A ___ is designed to separate a nonsecured area from a secured area.
mantrap
A(n) ____ backup is an evidence-grade backup because its accuracy meets evidence standards.
mirror image
Due to the limitations of online guessing, most password attacks today use ___.
offline cracking
A(n) ____ means that the application or service assigned to that port is listening for any instructions.
open port
The action that is taken by the subject over the object is called a(n) ____.
operation
A ___ is a secret combination of letters, numbers and/or characters that only the user should know.
password
Instead of using a key or entering a code to open a door, a user can display a _____ to identify herself.
physical token
A ___ is a document that outlines specific requirements or rules that must be met.
policy
When performing a vulnerability assessment, many organizations use ___ software to search a system for any port vulnerabilities.
port scanner
A ____ is a number divisible only by itself and 1.
prime number
A(n) ___ policy outlines how the organization uses personal information it collects.
privacy
Symmetric encryption is also called ____ cryptography.
private key
A ___ virus infects program executable files.
program
A(n) ___ is hardware or software that captures packets to decode and analyze its contents.
protocol analyzer
A(n) ____ can also capture transmissions that contain passwords.
protocol analyzer
The signal from an ID badge is detected as the owner moves near a _____, which receives the signal.
proximity reader
A ___ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
proxy server
The ___ attack will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters such as @, $, ! or %.
rainbow tables
A ___ attack is similar to a passive man-in-the-middle attack.
replay
Viruses and worms are said to be self-____.
replicating
A ____ virus is loaded into random access memory each time the computer is turned on and infects files that are opened by the user or the operating system.
resident
A(n) ___ does not serve clients, but instead routes incoming requests to the correct server.
reverse proxy
At the ___ stage of the certificate life cycle, the certificate is no longer valid.
revocation
At the heart of information security is the concept of ____.
risk
A ___ access point is an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
rogue
A user under Role based Access Control can be assigned only one ____.
role
A ___ is a set of independently rotating large cups affixed to the top of the fence to prevent the hands of intruders from gripping the top of a fence to climb over.
roller barrier
Users who access a Web server are usually restricted to the ___ directory.
root
A ___ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses or worms.
rootkit
A ___ forwards packets across computer networks.
router
A ___ is a network device that can forward packets across computer networks.
router
A group of piconets in which connections exist between different piconets is called a ____.
scatternet
The Web sites that facilitate linking individuals with common interests, hobbies, religion, politics or school contacts are called ____ sites.
social networking
A ___ is a written document that states how an organization plans to protect the company's information technology assets.
security policy
The position of ____ is generally an entry-level position for a person who has the necessary skills.
security technician
In Microsoft Windows, a ____ is a collection of security configuration settings.
security template
A policy that addresses security as it relates to human resources is known as a(n) ___ policy.
security-related human resources
A class 2 certificate is known as a ____ certificate.
server digital
Web application attacks are considered ___ attacks.
server-side
A ___ is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party and any guarantees of service.
service level agreement
A ___ is software that is a cumulative package of all security updates plus additional features.
service pack
Examining network traffic, activity, transactions, or behaviour and looking for well-known patterns is known as ___-based monitoring.
signature
A ___ is a component or entity in a system which, if it no longer functions, will disable the entire system.
single point of failure
What is another name for unsolicited e-mail messages?
spam
An anti-climb collar is a ___ that extends horizontally for up to 3 feet from the pole to prevent anyone from climbing.
spiked collar
A user or process functioning on behalf of the user that attempts to access an object is known as the ___.
subject
The simplest type of stream cipher is a ____ cipher.
substitution
In a(n) ___ cluster, every server in the cluster performs useful work.
symmetric server
Each operation in a computing environment starts with a ___.
system call
A ___ is a snapshot of the current state of the computer that contains all current settings and data.
system image
HTML is a markup language that uses specific ___ embedded in brackets.
tags
The end product of a penetration test is the penetration ____.
test report
A ___ trust refers to a situation in which two individuals trust each other because each trusts a third party.
third-party
The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
threat modeling
A ___ cipher rearranges letters without changing them.
transposition
An operating system that has been reengineered so that it is designed to be secure from the ground up is known as a ____.
trusted OS
A(n) ___ is a device that maintains power to equipment in the event of an interruption in the primary electrical power source.
uninterruptible power supply
A computer ___ is malicious computer code that reproduces itself on the same computer.
virus
Unlike other malware, a ___ is heavily dependent upon the user for its survival.
virus
The two types of malware that have the primary objective of spreading are ____.
viruses and worms
A security weakness is known as a(n) ____.
vulnerability
A ___ in effect takes a snapshot of the current security of the organization.
vulnerability appraisal
A(n) ____ examines the current security in a passive method.
vulnerability scan
A ___ has all of the equipment installed, but does not have active Internet or telecommunications facilities, and does not have current backups of data.
warm site
A ___ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
white box
When DNS servers exchange information among themselves it is known as a ___.
zone transfer