This study set covers a wide range of cybersecurity concepts and terminology, including network protocols, hacking techniques, security controls, cryptography, risk management, and regulatory standards. It gives an overview of the key elements that make up the field, in a flashcard format ("term - Answer- question") that is easy to reference and review. The cards cover network security, access control, incident response, malware, and compliance, and are aimed at students, professionals, and anyone preparing for an introductory information security exam.
Typology: Exams
business continuity plan (BCP) - Answer- A _________________ gives priorities to the functions an organization needs to keep going.
signaling - Answer- SIP is a _________ protocol used to support real-time communications.
Disaster Recovery Plan (DRP) - Answer- A ____________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
End-User License Agreement (EULA) - Answer- Software vendors must protect themselves from the liabilities of their own vulnerabilities with an _____________.
Cryptography - Answer- ______________ is the practice of hiding data and keeping it away from unauthorized users.
Encryption - Answer- _____________ is the process of transforming data from cleartext to ciphertext.
Recovery time objective (RTO) - Answer- __________________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Secure Sockets Layer virtual private network (SSL-VPN) - Answer- The tunnel can be created between a remote workstation using the public Internet and a VPN router, or between a secure browser and an _________________________ Web site.
Testing and quality assurance - Answer- ___________________ fills security gaps and software weaknesses.
the opposite of cleartext. Data sent as ciphertext is not visible and not decipherable. - Answer- Ciphertext is _______________________.
confidentiality - Answer- The requirement to keep information private or secret is the definition of ______________.
encryption - Answer- The act of transforming cleartext data into undecipherable ciphertext is the definition of _________________.
downtime - Answer- The term used to describe the amount of time that an IT system, application, or data is not available to users is ______________.
A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K-12 and higher-education institutions must comply - Answer- _____________________________ best describes the Family Educational Rights and Privacy Act (FERPA).
Federal Information Security Management Act (FISMA) - Answer- __________________ is the name given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place.
True - Answer- Hypertext Transfer Protocol (HTTP) is the communications protocol between Web browsers and Web sites, with data sent in cleartext.
bit error rate - Answer- The ________________ in analog communications is one error for every 1,000 bits sent; in digital communications, the _____________ is one error for every 1,000,000 bits sent.
asymmetric digital subscriber line (ADSL) - Answer- A common DSL service is ______________________________, where the bandwidth is different for downstream and upstream traffic.
the integration of applications to enhance productivity. Unified communications is an example of application convergence: it integrates recorded voice messages into e-mail so that voice messages are receivable via e-mail. - Answer- Application convergence is ______________.
Asynchronous transfer mode (ATM) - Answer- __________________ is the name given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications.
bit error rate - Answer- The total number of errors divided by the total number of bits transmitted is the definition of __________________.
Denial of Service (DoS) - Answer- ______________________ is the name given to an attack that uses ping or ICMP echo-request/echo-reply messages to bring down the availability of a server or system.
Dense wavelength division multiplexing - Answer- ______________ is a technique where multiple light streams can transmit data through a single strand of fiber.
digital subscriber line (DSL) - Answer- A ______________________________ is a high-speed digital broadband service that uses copper cabling for Internet access.
secure shell (SSH) - Answer- An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of _____________.
False - Answer- Voice mail and e-mail are examples of real-time communications.
hacker - Answer- In popular usage and in the media, the term ___________ often describes someone who breaks into a computer system without authorization.
black-hat hacker - Answer- A ____________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.
cracker - Answer- A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
script kiddie - Answer- Another type of attacker is called a _____________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyber attack without understanding the meaning of the steps he or she is performing.
packet sniffer - Answer- A protocol analyzer or __________ is a software program that enables a computer to monitor and capture network traffic.
port scanner - Answer- A ______________ is a tool used to scan IP host devices for open ports that have been enabled.
password cracker - Answer- A _______________ is a software program that performs one of two functions: a brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
URL link, PDF file, or ZIP file (all of the above) - Answer- Malicious software can be hidden in a ___________________.
SYN flood - Answer- In a _________, the attacker sends a large number of packets requesting connections to the victim computer.
backdoor - Answer- When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
attack - Answer- An attempt to exploit a vulnerability of a computer or network component is the definition of ___________.
Brute-force password attack - Answer- ___________________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.
accountability - Answer- The term __________________ is used to describe associating actions with users for later reporting and research.
Need-to-know - Answer- ____________ is used to describe a property that indicates that a specific subject needs access to a specific object, in addition to possessing the proper clearance for the object's classification.
Role-based access control (RBAC) - Answer- _________________ is the name given to an access control method that bases access control approvals on the jobs the user is assigned.
access control - Answer- Biometrics is another __________________ method for identifying subjects.
Separation of duties - Answer- _________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
confidentiality of data and control of access to classified information - Answer- The Bell-LaPadula access control model focuses primarily on _____________________.
nonrepudiation - Answer- Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ______________.
asymmetric key cryptography - Answer- The term used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely, is _____________________________.
keyspace - Answer- The number of possible keys to a cipher is its ________.
brute-force attack - Answer- Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as a ___________________.
Data Encryption Standard (DES) - Answer- The most scrutinized cipher in history is the _________________.
Checksum - Answer- _______________ is a one-way calculation of information that yields a result usually much smaller than the original message.
Caesar cipher - Answer- A _____________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
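The keyspace, brute-force attack, and Caesar cipher cards above describe one concrete picture: a cipher whose entire keyspace is 26 shifts can be broken by simply trying every key. The following added example (not part of the study set) implements the Caesar cipher as the card defines it, with Z wrapping back to A, and then runs the ciphertext-only brute-force attack over the whole keyspace, ranking candidate plaintexts with a constructed, hypothetical word list so that the correct key surfaces automatically.

```python
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = len(ALPHABET)  # a Caesar cipher has only 26 possible keys (shift 0 is the identity)


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter `shift` positions through the alphabet; Z wraps back to A.
    Non-letters (spaces, punctuation) are passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % KEYSPACE])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -shift)


# Constructed, hypothetical word list used only to score candidate plaintexts.
COMMON_WORDS = {"THE", "AND", "ATTACK", "AT", "DAWN", "IS", "OF", "TO", "A", "WE"}


def english_score(text: str) -> int:
    """Count how many whitespace-separated tokens are recognizable English words."""
    return sum(1 for w in text.split() if w.strip(".,!?") in COMMON_WORDS)


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Ciphertext-only attack: with no knowledge of the key, try every key in the
    keyspace and return the (shift, plaintext) whose output looks most like English."""
    candidates = []
    for shift in range(KEYSPACE):
        candidate = caesar_decrypt(ciphertext, shift)
        candidates.append((english_score(candidate), shift, candidate))
    candidates.sort(reverse=True)  # highest score first
    _, best_shift, best_plaintext = candidates[0]
    return best_shift, best_plaintext


if __name__ == "__main__":
    ct = caesar_encrypt("Attack at dawn", 3)
    print("ciphertext:", ct)
    print("recovered :", brute_force(ct))
```

Twenty-six trial decryptions is the whole attack; the point of a modern cipher is a keyspace so large (2^128 or more) that the same loop cannot finish in the lifetime of the universe.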
Nonrepudiation - Answer- ________________________ enables you to prevent a party from denying a previous statement or action.
ciphertext-only attack (COA) - Answer- There are four basic forms of a cryptographic attack. In a ___________________, the cryptanalyst has access only to a segment of encrypted data and has no choice as to what that data might be.
chosen-plaintext attack - Answer- In a __________________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
the output of a one-way algorithm; a mathematically derived numerical representation of some input. - Answer- Checksum is ________________.
Data Encryption Standard (DES) - Answer- _____________________________ is the name given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation.
Decryption - Answer- _______________ is the act of unscrambling ciphertext into plaintext.
Digital Signature - Answer- _______________ is the name given to an object that uses asymmetric encryption to bind a message or data to a specific entity.
Hash - Answer- _______ is the name given to a number that provides for the integrity of transmitted data.
CAST - Answer- Organizations currently use several symmetric algorithms, including _______, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use.
Blowfish - Answer- ________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
SSL handshake - Answer- A process that creates the first secure communications session between a client and a server is the definition of _____________.
True - Answer- Digital signatures require asymmetric key cryptography.
False - Answer- Unlike symmetric key algorithms, asymmetric algorithms can be fast and are well suited to encrypting lots of data.
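The checksum and hash cards say both are one-way calculations whose output is much smaller than the input and that a hash "provides for the integrity of transmitted data". The following added example (not from the study set) makes the distinction a practitioner cares about visible: a simple additive checksum is fine for catching random transmission errors, but an attacker can rearrange a message without changing it, whereas a cryptographic hash (SHA-256 from Python's standard library) changes completely. The messages are constructed sample data.

```python
import hashlib


def additive_checksum(data: bytes) -> int:
    """Classic non-cryptographic checksum: sum of all bytes modulo 256.
    One byte of output, so 1 in 256 random corruptions slip through, and any
    reordering of the same bytes yields the same value."""
    return sum(data) % 256


def sha256_hex(data: bytes) -> str:
    """Cryptographic one-way hash: 32-byte digest regardless of input size,
    and any change to the input, even one bit, produces an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, expected, digest_fn) -> bool:
    """Integrity check as a receiver would do it: recompute and compare."""
    return digest_fn(data) == expected


# Constructed sample messages: the second is the first with the amount's digits reordered.
ORIGINAL = b"PAY 100 TO ALICE"
TAMPERED = b"PAY 001 TO ALICE"


def tampering_detected(original: bytes, tampered: bytes, digest_fn) -> bool:
    """Return True if the integrity value computed by digest_fn over the original
    fails to verify against the tampered message (i.e. the change was caught)."""
    expected = digest_fn(original)
    return not verify(tampered, expected, digest_fn)


if __name__ == "__main__":
    print("additive checksum caught the swap:", tampering_detected(ORIGINAL, TAMPERED, additive_checksum))
    print("SHA-256 caught the swap:          ", tampering_detected(ORIGINAL, TAMPERED, sha256_hex))
    print("SHA-256 of ORIGINAL:", sha256_hex(ORIGINAL))
```

Neither value protects against an attacker who can also replace the stored digest; that is what the digital-signature card is for, where the digest is bound to a signer's private key.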
secret key encryption - Answer- Symmetric key encryption is also known as _________________.
True - Answer- An asymmetric key distribution system has no need for couriers, back channels, or expensive storage or inventory plans.
False - Answer- In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
Agile development - Answer- _________________ is the name given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules.
security event log - Answer- When an information security breach occurs in your organization, a __________________ helps determine what happened to the system and when.
Change control - Answer- _____________ ensures that any changes to a production system are tested, documented, and approved.
an intrusion detection system that compares current activity with stored profiles of normal (expected) activity - Answer- Anomaly-based IDS is _________________________________.
audit - Answer- An ______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
SAS 70 - Answer- ______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
incorrectly identifying abnormal activity as normal - Answer- False negative is ___________________.
security testing that is based on limited knowledge of an application's design - Answer- Gray-box testing is __________________.
the state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running - Answer- Hardened configuration is _________________________.
an intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders - Answer- Pattern-based IDS is ___________________.
assets - Answer- How your organization responds to risk reflects the value it puts on its ______.
risk - Answer- A countermeasure, without a corresponding ____, is a solution seeking a problem; you can never justify the cost.
business continuity plan - Answer- It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________________________.
Impact - Answer- ______ refers to the amount of harm a threat can cause by exploiting a vulnerability.
threat source - Answer- An attacker or event that might exploit a vulnerability is a _____________.
event - Answer- An _____ is a measurable occurrence that has an impact on the business.
Quantitative risk analysis - Answer- ____________________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.
Exposure factor (EF) - Answer- _______________________ represents the percentage of the asset value that will be lost if an incident were to occur.
Risk transference or risk assignment - Answer- _____________________ allows an organization to transfer risk to another entity. Insurance is a common way to transfer risk.
BIA - Answer- A ____ determines the extent of the impact that a particular incident would have on business operations over time.
hot site - Answer- Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. It is called a ________.
a network device that connects network segments, echoing all received traffic to all other ports - Answer- A hub is ______________________.
Internet Protocol Security (IPSec) - Answer- ____________________________ is a suite of protocols designed to connect sites securely using IP networks.
Dynamic Host Configuration Protocol (DHCP) - Answer- ____________________________________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
reconnaissance - Answer- Network ________________________ is gathering information about a network for use in a future attack.
network access control (NAC) - Answer- A method to restrict access to a network based on identity or other rules is the definition of ____________________________________.
firewall - Answer- A ________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
network address translation (NAT) - Answer- The term used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address is ______________________.
firewall - Answer- A ________ contains rules that define the types of traffic that can come and go through a network.
packet-filtering firewall - Answer- A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ____________________________.
a firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator - Answer- A packet-filtering firewall is ____________________________.
Point-to-Point Tunneling Protocol (PPTP) - Answer- The name given to a protocol to implement a VPN connection between two computers is ________________________.
Wi-Fi Protected Access (WPA) - Answer- The term used to describe the current encryption standard for wireless networks is ___________________.
a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address - Answer- Network address translation (NAT) is _____________________________________.
False - Answer- A packet-filtering firewall remembers information about the status of a network communication.
True - Answer- Border firewalls simply separate the protected network from the Internet.
True - Answer- The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
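The packet-filtering firewall cards say such a firewall "examines each packet it receives and compares the packet to a list of rules", and the True/False card adds that it does not remember the status of a network communication. The following added example (not from the study set, with a constructed, hypothetical rule set and addresses) shows what that difference means in practice: a stateless filter must either deny the reply half of a connection an inside host opened or be loosened with a broad inbound rule, while a filter that tracks connection state lets the reply through and still drops an unsolicited inbound packet aimed at the same port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "tcp"
    flags: str      # TCP flags as a string, e.g. "S", "SA", "A"
    direction: str  # "in" (from Internet) or "out" (from protected network)


# Constructed rule list (hypothetical): (direction, proto, destination port, action).
# First match wins; anything unmatched falls through to the default.
RULES = [
    ("out", "tcp", 443, "allow"),  # inside hosts may reach HTTPS servers
    ("in",  "tcp", 22,  "allow"),  # administrators may SSH in from outside
]
DEFAULT_ACTION = "deny"


def stateless_filter(pkt: Packet) -> str:
    """Packet-filtering firewall: judge each packet on its own header fields only."""
    for direction, proto, port, action in RULES:
        if pkt.direction == direction and pkt.proto == proto and pkt.dport == port:
            return action
    return DEFAULT_ACTION


class StatefulFilter:
    """Same rules, but remembers connections opened from inside so that their
    return traffic is permitted without a blanket inbound allow rule."""

    def __init__(self) -> None:
        # (inside_ip, inside_port, outside_ip, outside_port) for permitted outbound SYNs
        self.table: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            action = stateless_filter(pkt)
            if action == "allow" and "S" in pkt.flags:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return action
        # Inbound: permitted if it is the reply half of a tracked connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "allow"
        return stateless_filter(pkt)


def run_scenario() -> dict[str, tuple[str, str]]:
    """Feed the same packet sequence to both filters; return {step: (stateless, stateful)}."""
    stateful = StatefulFilter()
    steps = [
        ("outbound SYN",
         Packet("10.0.0.5", 51000, "203.0.113.7", 443, "tcp", "S", "out")),
        ("returning SYN-ACK",
         Packet("203.0.113.7", 443, "10.0.0.5", 51000, "tcp", "SA", "in")),
        ("unsolicited inbound SYN",
         Packet("198.51.100.9", 4444, "10.0.0.5", 51000, "tcp", "S", "in")),
        ("admin SSH",
         Packet("198.51.100.20", 40000, "10.0.0.10", 22, "tcp", "S", "in")),
    ]
    # Dict comprehension evaluates in order, so the stateful table is filled by step 1
    # before step 2 is judged.
    return {name: (stateless_filter(p), stateful.filter(p)) for name, p in steps}


if __name__ == "__main__":
    for step, (stateless, stateful) in run_scenario().items():
        print(f"{step:25s} stateless={stateless:5s} stateful={stateful}")
```

The usual stateless workaround, an inbound allow for all TCP ports above 1023, is exactly what lets the unsolicited SYN in the third step through; stateful inspection removes the need for it.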
False - Answer- Another name for a border firewall is a DMZ firewall.
integrity - Answer- Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is __________.
availability - Answer- Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ____________.
consists of a network of compromised computers that attackers use to launch attacks and spread malware - Answer- A botnet _____________________.
data infector - Answer- The term used to describe a type of virus that attacks document files containing embedded macro programming capabilities is a _____________.
System infectors - Answer- ________________ are viruses that target computer hardware and software startup functions.
file infector - Answer- A _____________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
worm - Answer- Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a _________.
Trojan - Answer- Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a _________.
logic bomb - Answer- A __________ is a program that executes a malicious function of some kind when it detects certain conditions.
Botnets - Answer- _______ are the main source of distributed denial of service (DDoS) attacks and spam.
SYN flood attack - Answer- In a ________________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
smurf attack - Answer- In a ____________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.
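The IDS cards earlier define a pattern-based IDS (matching known attack signatures) and an anomaly-based IDS (comparing current activity to a stored profile of normal activity), and define a false negative as abnormal activity that is incorrectly passed as normal; the two cards just above describe the SYN flood (spoofed clients that never complete the handshake) and the smurf attack (ICMP echo-requests to broadcast addresses). The following added example (not from the study set) ties those together over constructed packet records: a smurf signature rule, an anomaly rule that learns the normal SYN rate and flags a burst, a half-open-connection check that exposes the spoofed sources, and a slow flood that stays under the anomaly threshold to show what a false negative looks like. Addresses, the /24 broadcast assumption, and the threshold constant are all hypothetical choices made for the example.

```python
from collections import Counter
import statistics

# Constructed packet records, not real captures: (second, src, dst, proto, info).
# For "tcp" records, info is the flag string ("S", "SA", "A"); for "icmp", the ICMP type.

# Normal profile: one completed handshake per second to the web server 10.0.0.80.
NORMAL_TRAFFIC = (
    [(t, f"10.0.0.{1 + t % 5}", "10.0.0.80", "tcp", "S") for t in range(60)]
    + [(t, "10.0.0.80", f"10.0.0.{1 + t % 5}", "tcp", "SA") for t in range(60)]
    + [(t, f"10.0.0.{1 + t % 5}", "10.0.0.80", "tcp", "A") for t in range(60)]
)

# Suspect window: 300 SYNs in one second from spoofed 192.0.2.x sources that never ACK,
# five ICMP echo-requests to the broadcast address, and one legitimate handshake.
SUSPECT_TRAFFIC = (
    [(100, f"192.0.2.{i % 250}", "10.0.0.80", "tcp", "S") for i in range(300)]
    + [(100, "10.0.0.80", f"192.0.2.{i % 250}", "tcp", "SA") for i in range(300)]
    + [(101, "198.51.100.4", "10.0.0.255", "icmp", "echo-request") for _ in range(5)]
    + [(101, "10.0.0.3", "10.0.0.80", "tcp", "S"),
       (101, "10.0.0.80", "10.0.0.3", "tcp", "SA"),
       (101, "10.0.0.3", "10.0.0.80", "tcp", "A")]
)

# A low-and-slow flood: three spoofed SYNs in one second, below the anomaly threshold.
LOW_AND_SLOW = [(200, f"192.0.2.{i}", "10.0.0.80", "tcp", "S") for i in range(3)]

# Pattern-based rules: name -> predicate over a record. Assumes /24 networks, so a
# destination ending in .255 is treated as a broadcast address (hypothetical simplification).
SIGNATURES = {
    "smurf: ICMP echo-request to broadcast address":
        lambda pkt: pkt[3] == "icmp" and pkt[4] == "echo-request" and pkt[2].endswith(".255"),
}


def signature_alerts(packets) -> Counter:
    """Pattern-based IDS: count records matching each known-bad signature."""
    alerts = Counter()
    for pkt in packets:
        for name, matches in SIGNATURES.items():
            if matches(pkt):
                alerts[name] += 1
    return alerts


def syn_rate_per_second(packets, dst: str) -> Counter:
    """SYN count per second directed at `dst`."""
    counts = Counter()
    for t, _src, d, proto, info in packets:
        if proto == "tcp" and info == "S" and d == dst:
            counts[t] += 1
    return counts


def anomaly_alerts(baseline, packets, dst: str, k: float = 3.0) -> dict:
    """Anomaly-based IDS: learn mean and spread of the normal SYN rate, then flag any
    second whose rate exceeds mean + k * stdev. Returns {second: syn_count} for alerts."""
    base = list(syn_rate_per_second(baseline, dst).values())
    mean, stdev = statistics.mean(base), statistics.pstdev(base)
    threshold = mean + k * max(stdev, 1.0)  # floor the spread so a flat baseline keeps some slack
    return {t: n for t, n in syn_rate_per_second(packets, dst).items() if n > threshold}


def half_open(packets) -> set:
    """(src, dst) pairs that sent a SYN but never the final ACK. Spoofed SYN-flood
    sources never answer the SYN-ACK, so they all land here."""
    syns = {(s, d) for _, s, d, proto, info in packets if proto == "tcp" and info == "S"}
    acks = {(s, d) for _, s, d, proto, info in packets if proto == "tcp" and info == "A"}
    return syns - acks


if __name__ == "__main__":
    print("signature alerts:", dict(signature_alerts(SUSPECT_TRAFFIC)))
    print("anomaly alerts  :", anomaly_alerts(NORMAL_TRAFFIC, SUSPECT_TRAFFIC, "10.0.0.80"))
    print("half-open pairs :", len(half_open(SUSPECT_TRAFFIC)))
    print("slow flood seen :", anomaly_alerts(NORMAL_TRAFFIC, LOW_AND_SLOW, "10.0.0.80") or "no (false negative)")
```

The slow flood is the instructive case: the signature engine has no rule for it and the anomaly engine sits just under its threshold, so the abnormal activity is reported as normal. Lowering `k` catches it at the cost of more false positives, which is the trade-off every IDS tuning exercise comes down to.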
phishing attack - Answer- A ______________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
keystroke logger - Answer- Whether software or hardware based, a ________________ captures keystrokes, or user entries, and then forwards that information to the attacker.
True - Answer- Unlike viruses, worms do not require a host program in order to survive and replicate.
False - Answer- The worm has to trick users into running it.
True - Answer- Many Trojans spread through e-mail messages or Web site downloads.
True - Answer- A successful DoS attack crashes a server or network device or creates so much network congestion that authorized users cannot access network resources.
American National Standards Institute (ANSI) - Answer- The ________________________________________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
W3C - Answer- The stated purpose of the ____ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.
IETF - Answer- The purpose of the _____ is to "make the Internet work better." It focuses on the engineering aspects of Internet communication and attempts to avoid policy and business questions. It is an open organization, and it has no membership requirements.
A Request for Comments (RFC) - Answer- _____________________ is a document produced by the IETF that contains standards as well as other specifications or descriptive content.
confidentiality, integrity, and availability - Answer- The letters of the C-I-A triad stand for ________________________________________.
a federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." - Answer- The National Institute of Standards and Technology is ___________________.
Privacy - Answer- _______ is a person's right to control the use and disclosure of his or her own personal information.
compliance - Answer- In the legal system, __________ is the act of following laws, rules, and regulations that apply to organizations.
Office of Management and Budget - Answer- The regulating agency for the Federal Information Security Management Act is the __________________________.
FTC - Answer- The regulating agency for the Gramm-Leach-Bliley Act is the _____.
security awareness training - Answer- FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ____________________________.
business associate - Answer- Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a ____________________________.
consumer financial information - Answer- Information regulated under the Gramm-Leach-Bliley Act is ____________________________.
corporate financial information - Answer- Information regulated under the Sarbanes-Oxley Act is ____________________________.
False - Answer- FISMA applies to all privately held companies and their IT systems.