ITN 260 FINAL!!!
Security identifier (SID) for the user or group account or logon session Access mask that specifies access rights controlled by ACE Flag that indicates type of ACE Set of flags that determine whether objects can inherit permissions What structure is this (windows)?
ACE Structure
Provides visual representation of potential attacks Drawn as an inverted tree structure What is this called?
Attack tree
Uses more flexible policies than Rule-Based AC Can combine attributes Policies can take advantage of attributes such as: Object attributes Subject attributes Environment attributes what access control method is this?
Attribute-Based Access Control (ABAC)
Checking the credentials Example: examining the delivery driver's badge This is an example of what?
Authentication
Where you are Example: a military base What you have Example: key fob to lock your car What you are Example: facial characteristics recognized What you know Example: combination to health club locker What you do Example: do something to prove authenticity These are types of?
Authentication credentials
Granting permission to take action Example: allowing delivery driver to pick up package This is an example of what?
Authorization
ensures that only preapproved apps can run on the device This is called?
Application whitelisting
Similar to lattice model Subjects may not create a new object or perform specific functions on lower level objects Security levels What implementation of MAC is this?
Bell-LaPadula (BLP) model
Process of inventorying items with economic value Common assets: People Physical assets Data Hardware Software Factors to consider in determining value How critical the asset is to the goals of organization How much revenue asset generates How difficult to replace asset Impact of asset unavailability to the organization This is what aspect of vulnerability assessment?
Asset identification
a.Inventory the assets b.Determine the assets' relative value This is what step in risk mitigation
Asset identification, step 1
What is used by nearly all wireless AP vendors and permits or blocks device based on the MAC address?
MAC address filtering
An attacker can intercept the NFC communications between devices and forge a fictitious response. The defense to this is Devices can be configured in pairing so one device can only send while the other can only receive What kind of NFC attack is this?
Man-in-the-middle attack
What common EAP protocol simplifies deployment of 802.1X by using Windows logins and passwords. Creates encrypted channel between client and authentication server.
PEAP
Contains information that other devices can read but does not read or receive any information (example, NFC tag - sign on a wall) What kind of NFC device is this?
Passive
Manager who oversees data privacy compliance and manages data risk Ensures the enterprise complies with data privacy laws and its own privacy policies EXAMPLE: Decides that users can have permission to access SALARY.XLSX What role is this?
Privacy Officer
Used to identify and mitigate privacy risks this is called?
Privacy impact assessment (PIA)
Can determine if a system contains personally identifiable information (PII) This is called?
Privacy threshold assessment
A system of cable conduits used to protect classified information that is being transmitted between two secure areas Created by the U.S. Department of Defense (DOD) What is this called?
Protected Distribution Systems (PDS)
Hardware or software that captures packets to decode and analyze contents Also known as sniffers Common uses: Used by network administrators for troubleshooting Characterizing network traffic Security analysis This is called what?
Protocol analyzer
A matrix or two-dimensional barcode which can be read by an imaging device Applications for these codes include: Product tracking, item identification, time tracking, document management, and general marketing What is this called?
QR Code
uses an "educated guess" based on observation Typically assigns a numeric value (1-10) or label (High, Medium, or Low) that represents the risk This is called?
Qualitative risk calculation
What kind of Wireless Denial of Service attack is this? attackers use intentional RF interference to flood the RF spectrum with enough interference to prevent a device from communicating with the AP
RF Jamming
Commonly used to transmit information between employee identification badges, inventory tags, book labels, and other paper- based tags that can be detected by a proximity reader What is this?
Radio Frequency Identification (RFID)
Nested-level RAID Mirrored array whose segments are RAID 0 arrays Can achieve high data transfer rates Minimum 4 drives What Raid level is this?
Raid 0+1
Disk mirroring used to connect multiple drives to the same disk controller card Action on primary drive is duplicated on other drive Primary drive can fail and data will not be lost Minimum drives is 2. What raid level is this?
Raid 1 (mirroring)
Distributes parity (error checking) across all drives Data stored on one drive and its parity information stored on another drive Minimum 3 drives
Raid 5 (independent disks with distributed parity)
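Added example, not part of the course cards: how RAID 5's distributed parity actually lets an array survive one failed drive. The "drives" are constructed in-memory lists of fixed-size chunks; the arithmetic (parity is the XOR of the other chunks in the stripe, rotated across drives) is the same as on real hardware.

```python
"""Added example (not from the course material): RAID 5 rebuild from distributed
XOR parity. Drives are constructed in-memory lists of fixed-size chunks."""
from __future__ import annotations


def xor_bytes(*chunks: bytes) -> bytes:
    """XOR equal-length byte strings; a stripe's parity is the XOR of its data chunks."""
    out = bytearray(len(chunks[0]))
    for c in chunks:
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)


def parity_drive(stripe_index: int, ndrives: int) -> int:
    """RAID 5 rotates the parity chunk across drives so no single drive holds all parity."""
    return (ndrives - 1 - stripe_index) % ndrives


def raid5_write(data: bytes, ndrives: int = 3, chunk: int = 4) -> list[list[bytes]]:
    """Stripe data across ndrives; each stripe holds ndrives-1 data chunks plus one parity chunk."""
    if ndrives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = (ndrives - 1) * chunk
    data = data + b"\x00" * ((-len(data)) % per_stripe)   # pad to whole stripes
    drives: list[list[bytes]] = [[] for _ in range(ndrives)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(ndrives - 1)]
        parity = xor_bytes(*chunks)
        pidx = parity_drive(s, ndrives)
        it = iter(chunks)
        for d in range(ndrives):
            drives[d].append(parity if d == pidx else next(it))
    return drives


def raid5_rebuild(drives: list, failed: int) -> list[bytes]:
    """Recompute every chunk of the failed drive as the XOR of the surviving chunks in
    each stripe (data and parity are interchangeable under XOR). Exactly one drive may be lost."""
    survivors = [d for d in range(len(drives)) if d != failed and drives[d] is not None]
    if len(survivors) != len(drives) - 1:
        raise ValueError("RAID 5 can only survive a single drive failure")
    nstripes = len(drives[survivors[0]])
    return [xor_bytes(*(drives[d][s] for d in survivors)) for s in range(nstripes)]


def raid5_read(drives: list[list[bytes]], length: int) -> bytes:
    """Reassemble the logical data in order, skipping the parity chunk of each stripe."""
    ndrives = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        pidx = parity_drive(s, ndrives)
        for d in range(ndrives):
            if d != pidx:
                out += drives[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    msg = b"constructed sample payload for the RAID 5 demo"   # constructed input
    array = raid5_write(msg, ndrives=3, chunk=4)
    lost = array[1]
    array[1] = None                      # simulate drive 1 failing
    array[1] = raid5_rebuild(array, 1)   # rebuild onto a replacement drive
    print("rebuilt drive matches:", array[1] == lost)
    print("data intact:", raid5_read(array, len(msg)) == msg)
```

The rebuild loop is also why RAID 5 is not a backup: a second failure during the rebuild window leaves a stripe with two unknown chunks, and XOR cannot recover both (the function raises in that case).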
Creates a large pregenerated data set of candidate digests Can be used repeatedly Faster than dictionary attacks Less memory on the attacking machine is required this is what kind of password attack
Rainbow table
The slack between the end of the logical file and the end of that sector is called?
RAM slack
Maximum length of time organization can tolerate between backups
Recovery point objective (RPO)
Length of time it will take to recover backed up data
Recovery time objective (RTO)
Developed in 1992 Became an industry standard Originally designed for remote dial-in access to a corporate network Dial up. What is this?
Remote Authentication Dial In User Service (RADIUS)
The potential for loss, damage or destruction of an asset is?
Risk
Determine damage that would result from an attack Assess the likelihood that the vulnerability is a risk to organization This is what aspect of the vulnerability assessment?
Risk assessment
a.Estimate impact of vulnerability on organization b.Calculate risk likelihood and impact of the risk This is what step in risk mitigation?
Risk assessment, step 4
Determine what to do about risks Determine how much risk can be tolerated. This is what aspect of the vulnerability assessment?
Risk mitigation
a.Decide what to do with the risk This is what step in risk mitigation?
Risk mitigation, step 5
Once a suspicious signal is detected by a wireless probe, the information is sent to a centralized database where WLAN management system software compares it to a list of approved APs Any device not on the list is considered a __________
Rogue AP
What kind of AP attack is this? An unauthorized access point that allows an attacker to bypass network security configurations. Usually set up by an insider (employee). May be set up behind a firewall, opening the network to attacks.
Rogue access point
Also called Non-Discretionary Access Control Access permissions are based on user's job function This model assigns permissions to particular roles in an organization Users are assigned to those roles what access control method is this?
Role Based Access Control (RBAC)
Wireless Device Probe Desktop Probe Access Point Probe Dedicated Probe What tools are these?
Rogue AP (access point) detection tools
Dynamically assigns roles to subjects based on a set of rules defined by a custodian What access control method is this?
Rule-Based Role-Based Access Control (RB-RBAC)
Penetration testing authorization should be obtained Reasons authorization should be obtained: Legal authorization Indemnification Limit retaliation these are called
Rules of engagement
used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation. Multiple ICS are managed by a larger supervisory control and data acquisition system What is this called?
SCADA
Disabling ______ broadcast so that only people you've given your ____to can access the network.
SSID, SSID
What kind of Wireless denial of service attack is this? attackers craft a fictitious frame that pretends to come from a trusted client when it actually comes from the attacker
Spoofing
Uses a person's unique physical characteristics for authentication Face, hand, or eye characteristics are used to authenticate What kind of biometrics is this?
Standard
those actions and conduct that are considered normal
Standard operating procedures (SOP)
Tools that examine software without executing the program Just the source code is reviewed and analyzed What is this called?
Static program analyzers
a fenced secure waiting station area Such as an area that can contain visitors to a facility until they can be approved for entry what is this called?
Cage
Intentionally configured with vulnerabilities Contains bogus data files Goal: to trick attackers into revealing their techniques Can then be determined if actual production systems could thwart such an attack This is called?
Honeypot
Generally run by a commercial disaster recovery service Duplicate of the production site Has all needed equipment Data backups can be moved quickly to the hot site this is what kind of recovery site?
Hot
Used to reduce heat by managing air flow Servers lined up in alternating rows with cold air intakes facing one direction and hot air exhausts facing other direction this is called?
Hot aisle/cold aisle layout
This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. A unified approach to WLAN security. What is this?
IEEE 802.11i
Presenting credentials Example: delivery driver presenting employee badge This is an example of what?
Identification
What type of Access Point is this? A WLAN using an AP is operating in______
Infrastructure Mode
Authentication system developed at MIT Uses encryption and authentication for security Works like using a driver's license to cash a check Ticket system. What is this?
Kerberos authentication
A specialized password hash algorithm that is intentionally designed to be slower Two algorithms: bcrypt and PBKDF2 What is this password protecting method?
Key Stretching
When a program is used to intentionally gather this information Can be used as an assessment tool to perform an inventory on the services and systems operating on a server this is called
banner grabbing
Large concrete ones should be used. What is this called?
barricade
The process of authenticating the information supplied to a potential employer by a job applicant in the applicant's resume, application, and interviews
background check
List potential threats that come from threat agents A threat agent is any person or thing with the power to carry out a threat against an asset This is what aspect of the vulnerability assessment?
Threat evaluation
a.Classify the threats by category b.Design attack tree This is what step in risk mitigation?
Threat identification, step 2
Goal: understand attackers and their methods Often done by constructing threat scenarios This is called what?
Threat modeling
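Added example, not part of the course cards: the attack tree and threat-modeling cards above describe drawing an inverted tree of attacker goals; this models one as AND/OR nodes and evaluates it. The tree, its leaf steps and the effort costs are constructed for the SALARY.XLSX scenario used elsewhere in these cards.

```python
"""Added example (not from the course material): an attack tree as a small data
structure. Goals, steps and attacker costs are constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Node:
    goal: str
    kind: str = "LEAF"                     # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    cost: int = 0                          # attacker effort for a leaf step (constructed units)
    children: list[Node] = field(default_factory=list)


def cheapest_attack(node: Node) -> tuple[int, list[str]]:
    """Return the lowest-cost way to reach the goal and the leaf steps it uses."""
    if node.kind == "LEAF":
        return node.cost, [node.goal]
    results = [cheapest_attack(c) for c in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    raise ValueError(f"unknown node kind {node.kind!r}")


def all_attack_paths(node: Node) -> list[list[str]]:
    """Enumerate every distinct set of leaf steps that achieves the root goal."""
    if node.kind == "LEAF":
        return [[node.goal]]
    if node.kind == "OR":
        return [p for c in node.children for p in all_attack_paths(c)]
    paths: list[list[str]] = [[]]
    for c in node.children:                # AND: combine each child's paths
        paths = [p + q for p in paths for q in all_attack_paths(c)]
    return paths


def salary_file_tree() -> Node:
    """Constructed tree: ways an attacker could read SALARY.XLSX."""
    return Node("Read SALARY.XLSX", "OR", children=[
        Node("Obtain a manager's credentials", "OR", children=[
            Node("Phish a manager", cost=2),
            Node("Guess a weak password", cost=5),
        ]),
        Node("Use an unlocked manager workstation", "AND", children=[
            Node("Tailgate past the mantrap", cost=8),
            Node("Find a workstation with no screen lock", cost=3),
        ]),
        Node("Restore the file from an unencrypted backup tape", cost=12),
    ])


if __name__ == "__main__":
    tree = salary_file_tree()
    cost, steps = cheapest_attack(tree)
    print(f"cheapest path (cost {cost}): {' -> '.join(steps)}")
    for p in all_attack_paths(tree):
        print("path:", p)
```

The value of the tree is in what it tells you to fix: the cheapest path here goes through phishing, so a control such as multifactor authentication (raising that leaf's cost) changes which path an attacker is most likely to take, which is exactly the "educated guess" the qualitative risk card describes.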
Stores sensitive applications and data on a remote server that is accessed through a smartphone Users can customize the display of data as if the data were residing on their own device Enterprise can centrally protect and manage apps and data on server instead of distributing to smartphones This is called?
Virtual desktop infrastructure (VDI)
Determine current weaknesses Takes a snapshot of current organization security Every asset should be viewed in light of each threat Catalog each vulnerability This is what aspect of the vulnerability assessment?
Vulnerability appraisal
a.Determine current weaknesses in protecting assets b. Use vulnerability assessment tools This is what step in risk mitigation?
Vulnerability appraisal, step 3
What is this? an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmissions and Encrypts plaintext into ciphertext.
WEP
Introduced in 2003 by the Wi-Fi Alliance A subset of IEEE 802.11i Two modes: Personal Enterprise Addresses both encryption and authentication What is this?
WPA
When a user is using more than one type of authentication credential Example: what a user knows and what a user has could be used together for authentication This is called?
multifactor authentication
"Rules" that have been established for creating account names Options typically include: First initial of first name followed by last name, First name with a punctuation mark followed by last name Last name followed by department code This is called?
naming conventions
Actions to be taken when an employee leaves an enterprise Steps include: Back up all employee files from local computer and server Archive email Forward email to a manager or coworker Hide the name from the email address book Orphaned accounts Dormant Accounts what is this called?
offboarding
Always running off its battery while main power runs battery charger Not affected by dips or sags in voltage Can serve as a surge protector what kind of UPS is this?
on-line
Refers to the tasks associated with hiring a new employee Steps: Scheduling Job duties Socializing Work space Training What is this called?
onboarding
Most organizations store their off-site backups using an ______
online cloud repository
Register, cache, peripheral memory - First Random access Memory - Second Network State - third Running processes - Fourth these are examples of
orders of volatility
Person responsible for the information Determines the level of security needed for the data and delegates security duties as required EXAMPLE: Determines that the file SALARY.XLSX can be read only by department managers what role is this?
owner
can identify the current software OS and applications being used on the network and indicate which devices might have a vulnerability what kind of vulnerability scanner is this?
passive
Password generators Online Vaults Password management applications These are types of?
password managers
Designed to exploit system weaknesses Relies on tester's skill, knowledge, cunning Usually conducted by independent contractor Tests are usually conducted outside the security perimeter May even disrupt network operations what kind of testing is this?
penetration testing
The state or condition of being free from public attention to the degree that you determine The right to be left alone to the level that you choose This is called?
privacy
The use of duplicated equipment to improve the availability of a system; the main way of providing fault tolerance. This is called?
redundancy
Users can circumvent built-in limitations on smartphones to download from an unofficial third-party app store This is called what on Android devices?
rooting
a testing environment that isolates the untested code from the live production environment Looks for errors after the program has compiled correctly and is running What is this called?
runtime code testing in a sandbox
What is a software security update to repair discovered vulnerabilities
security patch
A written document that states how an organization plans to protect the company's information technology assets Outlines the protections that should be enacted to ensure the organization's assets face minimal risk Having this empowers an organization to take appropriate action to safeguard its data What is this?
security policy
Fraud can result from a single user being trusted with complete control of a process Requires two or more people responsible for functions related to handling money The system is not vulnerable to actions of a single person this is called?
separation of duties
Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
threat
can be used to limit when a user can log into their account This is called?
time-of-day restrictions
Used to create a one-time password (OTP) Authentication code that can be used only once or for a limited period of time Hardware security token Typically a small device with a window display Software security token Stored on a general-purpose device like a laptop computer or smartphone These are all types of?
tokens
Do not use a webcam in any room where private activities take place Place a piece of electrical tape over the lens of a webcam when not in use Only allow permission to access the camera or microphone for apps that require that use Periodically review app permissions on the device and turn off those permissions that are not necessary This is basic precautions for?
unauthorized recording.
Backs up any data that has changed since last full backup
differential backup
A directory service is a database stored on a network Contains information about users and network devices Keeps track of network resources and user's privileges to those resources Grants or denies access based on its information Standard for directory services is known as X.500 Purpose of the standard was to standardize how the data was stored so that any computer system could access directories What is the protocol used to access such a directory?
Lightweight Directory Access Protocol (LDAP)
Should always be three different copies of backups on at least two different types of storage media and one of the backups should be stored at a different location this is called
3-2-1 backup plan
In 1997 Institute of Electrical and Electronics Engineers (IEEE) released the standard for Wireless local area networks (WLAN) What is this?
802.11
Policy that defines actions users may perform while accessing systems Users include employees, vendors, contractors, and visitors Typically covers all computer use, including mobile devices Unacceptable use may also be outlined by the AUP Generally considered most important information security policy what kind of security policy is this?
Acceptable use policy (AUP)
Antenna and radio transmitter/receiver send and receive wireless signals. Bridging software to interface wireless devices to other devices. Wired network interface allows it to connect by cable to standard wired network. The functions: Acts as "base station" for wireless network Acts as a bridge between wireless and wired networks Can connect to wired network by a cable What is this?
Access Point
Standards that provide a predefined framework for hardware or software developers Use the appropriate model to configure the necessary level of control This is called?
Access control model
Can read information as well as transmit data (smartphone transmitting encrypted credit card info to a POS terminal). Unlike Bluetooth radio transmission, NFC uses electromagnetic induction between devices a few centimeters apart What NFC Device is this?
Active
What type of Access Point is this? Networks that are not using an AP operate in_______ Devices can only communicate between themselves and cannot connect to another network
Ad-Hoc Mode
Historical data can be used to determine the likelihood of a risk occurring within a year
Annualized Rate of Occurrence (ARO)
expected monetary loss that can be expected for an asset due to risk over a one-year period
Annualized loss expectancy (ALE)
Software that examines a computer for infections Scans new documents that might contain viruses Searches for known virus patterns What is this?
Antivirus
An attack that sends unsolicited messages to Bluetooth- enabled devices Text messages, images, or sounds considered more annoying than harmful No data is stolen What kind of attack is this called?
Bluejacking
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection. Often between cell phones and laptops. Attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without owner's knowledge. What kind of bluetooth attack is this called?
Bluesnarfing
Wireless technology that uses short-range radio frequency (R F) transmissions Provides rapid device pairings Example: smartphone and a Bluetooth mouse Personal Area Network (PAN) technology What is this?
Bluetooth
short but sturdy vertical post that is used as a vehicular traffic barricade to prevent a car from "ramming" into a secured area what is this called?
Bollard
Allows users to use their own personal mobile devices for business purposes Employees have full responsibility for choosing and supporting the device This model is popular with smaller companies or those with temporary staff. This is called?
Bring your own device (BYOD)
the process of: Identifying exposure to threats Creating preventative and recovery procedures Testing them to determine if they are sufficient consists of three essential elements Business recovery planning Crisis management and communications Disaster recovery This is called?
Business Continuity Planning (BCP)
Issued by US Department of Defense Bar code, magnetic strip, and bearer's picture What is this?
Common Access Card (CAC)
Video surveillance cameras transmit a signal to a specific and limited set of receivers What is this called?
CCTV
Methodology for making modifications and keeping track of changes Ensures proper documentation of changes so future changes have less chance of creating a vulnerability Involves all types of changes to information systems
Change management
Employees choose from a limited selection of approved devices but the employee pays the upfront cost of the device while the business owns the contract Employees are offered a suite of choices that the company has approved for security, reliability, and durability Company often provides a stipend to pay monthly fees to wireless carrier This is called?
Choose your own device (CYOD)
Combining two or more devices to appear as a single unit
Clustering
Employees choose from a selection of company approved devices Employees are supplied the device chosen and paid for by the company Company decides level of choice and freedom for employees This is called?
Corporate owned, personally enabled (COPE)
Device is purchased and owned by the enterprise Employees use the phone only for company-related business Enterprise is responsible for all aspects of the device This is called?
Corporate-owned
Provides credentials (username and password) to the scanner so tests for additional internal vulnerabilities can be performed this is what kind of vulnerability scan?
Credentialed vulnerability scan
Individual to whom day- to-day actions have been assigned by the owner Periodically reviews security settings and maintains records of access by end users EXAMPLE: Sets and reviews security settings on SALARY.XLSX what role is this?
Custodian or steward
Least restrictive model Every object has an owner Owners have total control over their objects Owners can give permissions to other subjects over their objects Used on operating systems such as most types of UNIX and Microsoft Windows What kind of access control method is this?
Discretionary Access Control (DAC)
helps prevent computers from becoming infected by different types of spyware
antispyware
Attackers can "bump" a portable reader against a user's smartphone in a crowd to make an NFC connection and steal payment information stored on the phone. The defense to this is turning off NFC while in a large crowd What kind of NFC attack is this?
Data theft
The theft of a smartphone could allow an attacker to use that phone for NFC purchases. What NFC attack is this?
Device theft
Attacker creates digests of common dictionary words Compares against stolen digest file Pre-image attack - a dictionary attack that uses a set of dictionary words and compares it with the stolen digests Birthday attack - the search for any two digests that are the same This is called what kind of password attack?
Dictionary attack
Focuses on protecting and restoring information technology functions Written document detailing process for restoring IT resources: Following a disruptive event Comprehensive in scope Intended to be a detailed document that is updated regularly This is called?
Disaster Recovery Plan (DRP)
What kind of Access point attack is this? AP set up by an attacker Attempts to mimic an authorized AP Attackers capture transmissions from users to evil twin AP
Evil twin
Unencrypted NFC communication between the device and terminal can be intercepted and viewed. The defense to this is Because an attacker must be extremely close to pick up the signal, users should remain aware of their surroundings while making a payment What kind of NFC attack is this?
Eavesdropping
Caused by a short-duration burst of energy by the source called an electromagnetic pulse (EMP)
Electromagnetic interference (EMI)
A framework for transporting authentication protocols is known as? Defines the format of the messages Uses four types of packets: Request, response, success, and failure
Extensible Authentication Protocol (EAP)
Refers to a system's ability to deal with malfunctions this is called?
Fault tolerance
Using a single authentication credential shared across multiple networks. when networks are owned by different organizations, this is called?
Federated Identity Management (FIM)
usually a tall, permanent structure and is equipped with other deterrents such as proper lighting and signage. This is called what?
Fencing
Formal contractual relationships as they relate to security policy and procedures
interoperability agreements
Secure the crime scene Preserve the evidence Establish a chain of custody Examine the evidence Enable recovery These are 5 steps to?
Forensic Procedures
Starting point for all backups
Full backup
Settings are stored in _________ in Group Policy
Group Policy Objects
Maintain temperature and relative humidity at required levels
HVAC system
A set of written instructions for reacting to a security incident
Incident response plan (IRP)
Connecting any device to the Internet for the purpose of sending and receiving data to be acted upon Includes: Wearable technology and multifunctional devices This is called?
Internet of Things (IoT)
Most vendors are concerned with making products as inexpensive as possible, leaving out security protections Devices that do have security capabilities implemented have notoriously weak security Many of these devices have not been designed with the capacity for being updated to address exposed security vulnerabilities Those IoT and embedded systems that can receive patches often see long gaps between the discovery of the vulnerability and a patch being applied What are these risks for?
Internet of Things (IoT)
In WEP the ________ is only 24 bits of the 64-bit or 128-bit key used to encrypt. Its short length makes it easier to break
Initialization vector (IV)
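Added example, not part of the course cards: what "short length makes it easier to break" means in numbers. With only 2^24 possible IVs, the birthday bound says a repeated IV (and therefore a reused RC4 keystream) becomes likely after only a few thousand frames. The frame counts below are computed from the bound and a seeded simulation, not measured on real traffic.

```python
"""Added example (not from the course material): birthday-bound arithmetic for a
24-bit WEP IV versus a 48-bit TKIP-style counter. All figures are computed."""
from __future__ import annotations
import math
import random


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Probability that at least two of `frames` randomly chosen IVs are equal
    (standard birthday approximation 1 - exp(-n(n-1)/2N))."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def frames_for_probability(p: float, iv_bits: int = 24) -> int:
    """Smallest frame count at which an IV repeat is expected with probability p."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))


def first_repeat(frames: int, iv_bits: int = 24, seed: int = 1) -> int | None:
    """Simulate a station picking random IVs; return the index of the first reused IV."""
    rng = random.Random(seed)
    seen: set[int] = set()
    for i in range(frames):
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return i
        seen.add(iv)
    return None


if __name__ == "__main__":
    n50 = frames_for_probability(0.5)
    print(f"24-bit IV: 50% chance of a repeat after {n50} frames")
    print(f"   same frame count with a 48-bit IV: p = {iv_collision_probability(n50, 48):.2e}")
    print(f"   simulated first repeat (random IVs): frame {first_repeat(50_000)}")
```

A busy AP sends thousands of frames per second, so a repeat is a matter of seconds; in practice many WEP drivers also reset the IV to zero on start-up and count upward, which produces repeats even sooner than the random model above.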
Most restrictive access control model User has no freedom to set any controls or distribute access to other subjects Typically found in military settings Two elements Labels - Every entity is an object and is assigned a classification label that represents the relative importance of the object Subjects are assigned a privilege label (clearance) Levels - a hierarchy based on the labels is used Top secret has a higher level than secret, which has a higher level than confidential what access control method is this?
Mandatory access control (MAC)
What kind of wireless denial of service attack is this? attackers send a frame with the duration field set to a high value, preventing other devices from transmitting for that period of time
Manipulating duration field values.
Separates a secured from a nonsecured area. monitors and controls two interlocking doors Only one door may open at any time
Mantrap
It represents the length of time that an item is expected to last.
Mean time to Failure (MTTF)
describes an agreement between two or more parties
Memorandum of understanding
data about data
Metadata
To guarantee accuracy, relies on hashing algorithms as part of the validation process Meets evidence standards and is a way to copy the hard drive What is this called?
Mirror image or bit-stream backup
Tools that allow a device to be managed remotely by an organization Usually involve: A server component that sends out management commands to mobile devices A client component to receive and implement the management commands What is this called?
Mobile device management (MDM)
The action taken by the subject over an object Example: deleting a file
Operation
Determining an object's change in position in relation to its surroundings. What is this called?
Motion Detection
A set of standards used to establish communication between devices in close proximity. Once devices are brought within 4 cm of each other or tapped together, two-way communication is established. What is this?
NFC
Can be used to create visual maps of the network that also identify vulnerabilities that need correction This is calleD?
Network mapper (Nmap)
a legal contract that specifies how confidential material will be shared between parties but restricted to others
Non-disclosure agreement (NDA)
Disabling unnecessary ports and services Disabling default accounts/passwords Employing least functionality Application whitelisting/blacklisting These are typical ______________
OS Security configurations
A specific resource Example: file or hardware device This is an example of what?
Object
Least expensive, simplest solution Charged by main power supply Begins supplying power quickly when primary power is interrupted Switches back to standby mode when primary power is restore What kind of UPS is this?
Off-line
Designed to exploit any weaknesses in systems that are vulnerable this is called?
Penetration testing
exploits vulnerabilities in your system architecture. This is called?
Penetration testing
The smart card standard covering all U.S. government employees is the? Used by civilian users working for the Federal government.
Personal Identity Verification (PIV)
Generally covers three important elements: Using company email to send personal email messages Accessing personal email at a place of employment Forwarding company emails to a personal account what kind of security policy is this?
Personal email policy
Established when two Bluetooth devices come within range of each other One device (master) controls all wireless traffic Other device (slave) takes commands Active slaves are sending transmissions Parked slaves are connected but not actively participating What is this called?
Piconet
Searches system for port vulnerabilities Used to determine port state Open, closed, or blocked What tool is this?
Port scanner
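Added example, not part of the course cards: the banner grabbing and port scanner cards describe an inventory technique; this is a small TCP connect scanner that classifies each port (open, closed, or filtered) with a single connection and parses whatever banner an open service volunteers. Hosts, ports and the banner strings in the comments are constructed; scan only systems you have written authorization to test (see the rules of engagement card).

```python
"""Added example (not from the course material): TCP connect scan plus banner grab.
Run it only against hosts you are authorized to test."""
from __future__ import annotations
import socket


def probe_port(host: str, port: int, timeout: float = 1.0, probe: bytes = b"") -> dict:
    """One connection per port: report open/closed/filtered and any banner received."""
    result = {"port": port, "state": "filtered", "banner": ""}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            result["state"] = "closed"          # RST came back: nothing listening
            return result
        except OSError:
            return result                       # timeout / unreachable: likely firewalled
        result["state"] = "open"
        try:
            if probe:
                s.sendall(probe)                # e.g. b"HEAD / HTTP/1.0\r\n\r\n" for web servers
            result["banner"] = s.recv(1024).decode("utf-8", "replace").strip()
        except OSError:
            pass                                # open but silent (no banner on connect)
    return result


def parse_banner(banner: str) -> dict:
    """Pull protocol / product / version out of the common banner formats."""
    info = {"protocol": "unknown", "product": "", "version": ""}
    if banner.startswith("SSH-"):               # "SSH-2.0-OpenSSH_8.9"
        _, _, software = banner.split("-", 2)
        product, _, version = software.partition("_")
        info.update(protocol="SSH", product=product,
                    version=version.split()[0] if version else "")
    elif banner.startswith("220 "):             # "220 mail.example.com ESMTP Postfix"
        words = banner.split()
        info.update(protocol="SMTP", product=" ".join(words[2:]))
    elif banner.startswith("HTTP/"):            # reply to an HTTP probe
        info["protocol"] = "HTTP"
        for line in banner.splitlines():
            if line.lower().startswith("server:"):
                info["product"] = line.split(":", 1)[1].strip()
                break
    return info


def inventory(host: str, ports: list[int], timeout: float = 1.0) -> list[dict]:
    """Scan a port list and attach parsed banner data to every open port."""
    findings = []
    for port in ports:
        r = probe_port(host, port, timeout)
        if r["state"] == "open":
            r.update(parse_banner(r["banner"]))
        findings.append(r)
    return findings


if __name__ == "__main__":
    for finding in inventory("127.0.0.1", [22, 25, 80, 443], timeout=0.5):
        print(finding)
```

Treat a banner as a hint, not proof: administrators can change or remove it, and a proxy or load balancer may answer instead of the real service, so version-based vulnerability claims from a banner need confirmation by a credentialed scan.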
Consists of a random string that is used in hash algorithms Passwords can be protected by adding a random string to the user's cleartext password before it is hashed Makes dictionary attacks and brute force attacks much slower and limits the impact of rainbow tables What is this password protecting method?
Salts
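Added example, not part of the course cards: the salt card above and the key stretching card (bcrypt, PBKDF2) describe two defenses against the dictionary and rainbow table attacks in this set. This puts them together with PBKDF2-HMAC-SHA256 from the standard library (bcrypt needs a third-party package), and shows why a precomputed digest table works against unsalted hashes but not salted ones. The passwords, the word list and the record format are constructed.

```python
"""Added example (not from the course material): salted, stretched password
hashing with hashlib.pbkdf2_hmac, beside the unsalted baseline it replaces."""
from __future__ import annotations
import hashlib
import hmac
import os

ITERATIONS = 600_000      # cost factor: raise it as hardware gets faster


def hash_password(password: str, salt: bytes | None = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (hex fields)."""
    salt = salt if salt is not None else os.urandom(16)     # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def unsalted_sha256(password: str) -> str:
    """The weak baseline: one fast hash and no salt, so one table cracks every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(wordlist: list[str]) -> dict[str, str]:
    """Attacker side: precompute digest -> word once (a tiny stand-in for a rainbow table)."""
    return {unsalted_sha256(w): w for w in wordlist}


def crack_unsalted(table: dict[str, str], digest: str) -> str | None:
    """Constant-time-per-lookup recovery of an unsalted digest from the table."""
    return table.get(digest)


if __name__ == "__main__":
    alice = hash_password("Winter2024!")
    bob = hash_password("Winter2024!")
    print("same password, different records:", alice != bob)
    print("alice verifies:", verify_password("Winter2024!", alice))
    table = build_table(["password", "Winter2024!", "letmein"])      # constructed word list
    print("unsalted digest cracked:", crack_unsalted(table, unsalted_sha256("Winter2024!")))
    print("salted digest in table:", alice.split("$")[3] in table)
```

Storing the iteration count in the record lets you raise the cost later and rehash each user on their next successful login; the salt is not secret and can sit in the record, its job is only to make every user's hash unique.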
Disable Unused Features Use Strong Authentication Restrict unauthorized users with a screen lock and require a strong passcode Screen Lock Lock screen prevents device from being used until the user enters the correct passcode Set screen to lock after a period of inactivity Passcode Use a personal identification number (PIN) Use a fingerprint "swipe" on a sensor to unlock the device Draw or swipe a specific pattern connecting dots to unlock the device This is called what?
Secure device configuration
An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data Allows a user's login credentials to be stored with a single identity provider instead of being stored on each web service provider's server Used extensively for online e-commerce business-to-business (B2B) and business-to-customer (B2C) transactions This is called?
Security Assertion Markup Language (SAML)
This is used to identify the user in subsequent interactions with Windows. Windows links this to an integrity level what is this?
Security identifier (SID)
What accumulates security updates and additional features?
Service Pack
specifies what services will be provided and the responsibilities of each party
Service level agreement (SLA)
This holds promise to reduce the burden of usernames and passwords to just one What is this called?
Single Sign on
OAuth, Open ID Connect, and Shibboleth are all examples of?
Single Sign on (SSO)
The expected monetary loss every time a risk occurs is called?
Single loss expectancy (SLE)
Puts the application under a heavier than normal load to determine if the program is robust and can perform all error handling correctly This is called?
Stress testing
A user or process functioning on behalf of a user Example: computer user This is an example of what?
Subject
If malware is planted in the ROM firmware of a device, it can be difficult or impossible to clean an infected device. Users may be receiving infected devices at the point of purchase, unaware of the infection. Cannot be easily prevented. These are considered _________ infection risks
Supply chain
The different steps in the supply chain have opened the door for malware to be injected into products during their manufacturing or storage. This is called?
Supply chain infection
U.S. government has developed a classified standard Intended to prevent attackers from picking up electromagnetic fields from government buildings What is this called?
TEMPEST
Authentication service similar to RADIUS Commonly used on UNIX devices Communicates by forwarding user authentication information to a centralized server This is called?
Terminal Access Controller Access Control System (TACACS)
Maintains power to equipment in the event of an interruption in primary electrical power source
Uninterruptible power supply (UPS)
Second generation Introduced in 2004 Based on the final IEEE 802.11i standard Addresses two major security areas of WLANs: Encryption Authentication
WPA2
Security key is shared between ___________ and _________ in WEP
Wireless client device and AP
A set of permissions attached to an object Specifies which subjects may access the object and what operations they can perform When a subject requests to perform an operation: System checks this for an approved entry what is this called?
access control list (ACL)
Record of individuals who have permission to enter secure area Records time they entered and left. What is this called?
access list
Managing user account passwords Can be done by setting password rules Too cumbersome to manage on a user-by-user basis Security risk if one user setting is overlooked Preferred approach: assign privileges by group (group policy) Microsoft Windows group password settings Password Policy Settings Account Lockout Policy These are examples of _________
account management practices
Employee accounts Creating location-based policies Establishing standard naming conventions Creating time-of-day restrictions Enforcing least privilege These are important for what kind of setup?
account setup
Sends "probes" to network devices and examines the responses received back to evaluate whether a specific device needs remediation What kind of vulnerability scanner is this?
active
processes for developing and ensuring that policies and procedures are carried out this is what kind of security control type?
administrative controls
Mail gateway - monitors emails for spam and other unwanted content Some spam can slip through This filtering software traps spam
antispam
a standby server performs no function except to be ready if needed Used for databases, messaging systems, file and print services what kind of server cluster is this?
asymmetric
Authenticates by normal actions the user performs Keystroke dynamics Attempts to recognize user's typing rhythm All users type at a different pace Provides up to 98 percent accuracy Uses two unique typing variables Dwell time (time it takes to press and release a key) Flight time (time between keystrokes) Holds a great amount of potential It requires no specialized hardware What kind of biometrics is this?
behavioral
Use a strong random number generator to create a salt of at least 128 bits Input the salt and the user's plaintext password into the PBKDF2 algorithm, using HMAC-SHA-256 as the core hash Perform at least 30,000 iterations of PBKDF2 Capture the first 256 bits of output from PBKDF2 as the password digest Store the iteration count, the salt, and the password digest in a secure password database These are what?
best practices for password security
Data and subjects are grouped into ordered levels of integrity What security model is this?
Biba
tester has no prior knowledge of network infrastructure what kind of test is this?
black box
Nonapproved senders are also known as
black list
identifies business functions and quantifies the impact a loss of these functions may have on business operations These range from: Impact on property (tangible assets) Impact on finance (monetary funding) Impact on safety (physical protection) Impact on reputation (status) Impact on life (wellbeing) this is called?
business impact analysis (BIA)
Documents that the evidence was maintained under strict control at all times No unauthorized person was given opportunity to corrupt the evidence
chain of custody
combination locks that use buttons that must be pushed in the proper sequence Can be programmed to allow a certain individual's code to be valid on specific dates and times What kind of lock is this?
cipher lock
Designed to ensure that all confidential or sensitive materials are removed from a user's workspace and secured when the items are not in use Either in paper form or electronic This is called?
clean desk policy
Relates to perception, thought process, and understanding of the user Easier for the user to remember because it is based on the user's life experiences Difficult for an attacker to imitate Requires the user to identify specific faces User selects one of several "memorable events" What kind of biometrics is this?
cognitive
Provides office space Customer must provide and install all equipment needed to continue operations No backups immediately available Less expensive than a hot site Takes longer to resume full operation this is what kind of recovery site?
cold
Performs continuous backups that can be restored immediately Maintains a historical record of all changes made to data Creates a snapshot of the data (like a reference marker) What is this?
continuous data protection (CDP)
sustained and continual surveillance (automation)
continuous monitoring
Searches for errors that could prevent the application from properly compiling from source code to application code What is this called?
compiled code testing
Who sells the data to interested third parties?
data brokers
Sensitive data must be properly labeled If mislabeled, it could accidentally be publicly distributed This is called?
data labeling
Permanently destroys the entire magnetic-based drive by reducing or eliminating the magnetic field This is called?
degaussing
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a program. This is called?
dynamic analysis (fuzzing)
Users can circumvent built-in limitations on smartphones to download from an unofficial third-party app store This is called what on Apple iOS?
jailbreaking
Individuals periodically moved between job responsibilities Employees can rotate within their department or across departments this is called?
job rotation
A "wrap-up" meeting between management representatives and the person leaving an organization either voluntarily or through termination
exit interview
takes advantage of a software vulnerability or security flaw
exploit
Used to replicate attacks during a vulnerability assessment Provides a structure of exploits and monitoring tools This is called?
exploitation framework
Metal enclosure that prevents entry or escape of electromagnetic fields Often used for testing in electronic labs this is called?
faraday cage
What includes enhancements to the software to provide new or expanded functionality? Does not address security vulnerability
feature update
uses the device's GPS to define geographical boundaries where the app can be used
geo-fencing
Most critical factor in a strong password is length In addition to having long passwords, other recommendations are: Do not use passwords that consist of dictionary words or phonetic words Do not repeat characters or use sequences Do not use birthdays, family member names, pet names, addresses, or any personal information Also, use non-keyboard characters Created by holding down the ALT key while typing a number on the numeric keypad These are all examples of creating a _________?
good password.
some limited information has been provided to the tester what kind of test is this?
gray box
Permits the configuration of multiple computers by setting a single policy for enforcement this is called?
group-based access control
To eliminate as many security risks as possible is the purpose of?
hardening
a network set up with one or more honeypots Set up with intentional vulnerabilities
honeynet
Backs up any data that has changed since last full backup or last incremental backup
incremental backup
Means that only the minimum amount of privileges necessary to perform a job or function should be allocated This is called?
least privilege
Limits fraud, because perpetrator must be present daily to hide fraudulent actions Audit of employee's activities usually scheduled during vacation for sensitive positions This is called?
mandatory vacations
Measures average time until a component fails and must be replaced Can be used to determine number of spare hard drives an organization should keep
mean time between failures (MTBF)
The average amount of time that it will take a device to recover from a failure that is not a terminal failure is called?
mean time to recovery
Scans that do not use credentials are what kind of vulnerability scan?
non-credentialed vulnerability scan
attempts to create "hard" numbers associated with the risk of an element in a system by using historical data Can be divided into the likelihood of a risk and the impact of a risk being successful this is called?
quantitative risk calculation
reducing paper to fine particles is called?
pulverizing
Users can circumvent built-in limitations on smartphones to download from an unofficial third-party app store This is called what in general?
sideloading
Social media network - grouping individuals and organizations into clusters or groups based on some sort of affiliation Risks of social media: Personal data can be used maliciously Users may be too trusting Accepting friends may have unforeseen consequences Social media security is lax or confusing Outlines acceptable employee use of social media and must be enforced What kind of security policy is this?
social media policy
If one server fails, remaining servers take on failed server's work More cost effective than asymmetric clusters Used for Web, media, and VPN servers what kind of server cluster is this?
symmetric
Simulates an emergency situation but in an informal and stress-free environment This is called?
tabletop exercise
security controls carried out or managed by devices this is what kind of security control type?
technical controls
overwriting the disk space with zeros or random data is called?
wiping
Weaknesses or gaps in a security program
vulnerability
checks for known vulnerabilities and generates a report on risk exposure This is called?
vulnerability assessment
All equipment is installed No active Internet or telecommunications facilities No current data backups Less expensive than a hot site Time to turn on connections and install backups can be half a day or more this is what kind of recovery site?
warm
tester has in-depth knowledge of network and systems being tested what kind of test is this?
white box
approved senders are known as
white list
Detects security weaknesses inside the local wireless network with internal vulnerability scanning this is called?
wireless scanner