
Cybersecurity Concepts and Terminology, Exams of Business Administration

A wide range of cybersecurity concepts and terminology, including disaster recovery, data encryption, data protection laws, network protocols, hacking techniques, security tools, access control methods, cryptographic algorithms, software development methodologies, risk management frameworks, and industry standards. It provides a comprehensive overview of the key terms and principles in the field of cybersecurity, which could be useful for students, professionals, or anyone interested in understanding the technical aspects of information security. The document touches on topics such as firewalls, malware, denial-of-service attacks, network protocols, and privacy rights, among others. By studying this document, readers can gain a solid foundation in the fundamental concepts and vocabulary used in the cybersecurity domain, which is essential for further exploration or application of these principles in various contexts.

Typology: Exams

2023/2024

Available from 07/27/2024


MIST 356 Final Exam Study Guide 2024/2025

Q: A _________________ gives priorities to the functions an organization needs to keep going.
A: business continuity plan (BCP)

Q: SIP is a _________ protocol used to support real-time communications.
A: signaling

Q: A ____________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
A: Disaster Recovery Plan (DRP)

Q: Software vendors must protect themselves from the liabilities of their own vulnerabilities with an _____________.
A: End-User License Agreement (EULA)

Q: ______________ is the practice of hiding data and keeping it away from unauthorized users.
A: Cryptography

Q: _____________ is the process of transforming data from cleartext to ciphertext.
A: Encryption

Q: __________________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
A: Recovery time objective (RTO)

Q: The tunnel can be created between a remote workstation using the public Internet and a VPN router, or between a secure browser and a _________________________ Web site.
A: Secure Sockets Layer virtual private network (SSL-VPN)

Q: ___________________ fills security gaps and software weaknesses.
A: Testing and quality assurance

Q: Ciphertext is _______________________.
A: the opposite of cleartext. Data sent as ciphertext is not visible and not decipherable.

Q: The requirement to keep information private or secret is the definition of ______________.
A: confidentiality

Q: The act of transforming cleartext data into undecipherable ciphertext is the definition of _________________.
A: encryption

Q: The term used to describe the amount of time that an IT system, application, or data is not available to users is ______________.
A: downtime

Q: _____________________________ best describes the Family Educational Rights and Privacy Act (FERPA).
A: A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K-12 and higher-education institutions must comply

Q: __________________ is the name given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place.
A: Federal Information Security Management Act (FISMA)

Q: Hypertext Transfer Protocol (HTTP) is the communications protocol between Web browsers and Web sites with data in cleartext.
A: True

Q: The ________________ in analog communications is one error for every 1,000 bits sent; in digital communications, the _____________ is one error for every 1,000,000 bits sent.
A: bit error rate

Q: A common DSL service is ______________________________, where the bandwidth is different for downstream and upstream traffic.
A: asymmetric digital subscriber line (ADSL)

Q: Application convergence is ______________.
A: the integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communication integrates recorded voice messages into e-mail so that voice messages are receivable via e-mail.

Q: __________________ is the name given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications.
A: Asynchronous transfer mode (ATS)

Q: The total number of errors divided by the total number of bits transmitted is the definition of __________________.
A: bit error rate

Q: ______________________ is the name given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system.
A: Denial of Service (DoS)

Q: ______________ is a technique where multiple light streams can transmit data through a single strand of fiber.
A: Dense wavelength division multiplexing

Q: A ______________________________ is a high-speed digital broadband service that uses copper cabling for Internet access.
A: digital subscriber line (DSL)

Q: The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is SLE x ARO.
A: False

Q: The term __________________ is used to describe associating actions with users for later reporting and research.
A: accountability

Q: ____________ is used to describe a property that indicates that a specific subject needs access to a specific object in addition to possessing the proper clearance for the object's classification.
A: Need-to-know

Q: _________________ is the name given to an access control method that bases access control approvals on the jobs the user is assigned.
A: Role-based access control (RBAC)

Q: Biometrics is another __________________ method for identifying subjects.
A: access control

Q: _________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
A: Separation of duties

Q: The Bell-La Padula access control model focuses primarily on _____________________.
A: confidentiality of data and control of access to classified information

Q: Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ______________.
A: nonrepudiation

Q: The term used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that respondents do not first have to exchange secret information to communicate securely is _____________________________.
A: asymmetric key cryptography

Q: The number of possible keys to a cipher is a ________.
A: keyspace

Q: Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as a ___________________.
A: brute-force attack

Q: The most scrutinized cipher in history is the _________________.
A: Data Encryption Standard (DES)

Q: _______________ is a one-way calculation of information that yields a result usually much smaller than the original message.
A: Checksum

Q: A _____________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
A: Caesar cipher

Q: ________________________ enables you to prevent a party from denying a previous statement or action.
A: Nonrepudiation

Q: There are four basic forms of a cryptographic attack. In a ___________________, the cryptanalyst has access only to a segment of encrypted data and has no choice as to what that data might be.
A: ciphertext-only attack (COA)

Q: In a __________________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
A: chosen-plaintext attack

Q: Checksum is ________________.
A: the output of a one-way algorithm; a mathematically derived numerical representation of some input.

Q: _____________________________ is the name given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation.
A: Data Encryption Standard (DES)

Q: _______________ is the act of unscrambling ciphertext into plaintext.
A: Decryption

Q: _______________ is the name given to an object that uses asymmetric encryption to bind a message or data to a specific entity.
A: Digital Signature

Q: _______ is the name given to a number that provides for the integrity of transmitted data.
A: Hash

Q: Organizations currently use several symmetric algorithms, including _______, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use.
A: CAST

Q: ________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than KES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
A: Blowfish

Q: A process that creates the first secure communications session between a client and a server is the definition of _____________.
A: SSL handshake

Q: Digital signatures require asymmetric key cryptography.
A: True

Q: Unlike symmetric key algorithms, asymmetric algorithms can be fast and are well suited to encrypting lots of data.
A: False

Q: Symmetric key encryption is also known as _________________.
A: secret encryption

Q: An asymmetric key distribution system has no need for couriers, back channels, or expensive storage or inventory plans.
A: True

Q: In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
A: False

Q: _________________ is the name given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules.
A: Agile development

Q: When an information security breach occurs in your organization, a __________________ helps determine what happened to the system and when.
A: security event log

Q: _____________ ensures that any changes to a production system are tested, documented, and approved.
A: Change control

Q: Anomaly-based IDS is _________________________________.
A: an intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

Q: An ______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
A: audit

Q: ______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
A: SAS 70

Q: False negative is ___________________.
A: incorrectly identifying abnormal activity as normal

Q: Gray-box testing is __________________.
A: security testing that is based on limited knowledge of an application's design

Q: A packet-filtering firewall remembers information about the status of a network communication.
A: False

Q: Border firewalls simply separate the protected network from the Internet.
A: True

Q: The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
A: True

Q: Another name for a border firewall is a DMZ firewall.
A: False

Q: Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is __________.
A: integrity

Q: Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ____________.
A: availability

Q: A botnet _____________________.
A: consists of a network of compromised computers that attackers use to launch attacks and spread malware

Q: The term used to describe a type of virus that attacks document files containing embedded macro programming capabilities is a _____________.
A: data infector

Q: ________________ are viruses that target computer hardware and software startup functions.
A: System Infectors

Q: A _____________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
A: file infector

Q: Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a _________.
A: worm

Q: Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a _________.
A: Trojan

Q: A __________ is a program that executes a malicious function of some kind when it detects certain conditions.
A: logic bomb

Q: _______ are the main source of distributed denial of service (DDoS) attacks and spam.
A: Botnets

Q: In a ________________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
A: SYN flood attack

Q: In a ____________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.
A: smurf attack

Q: A ______________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
A: phishing attack

Q: Whether software or hardware based, a ________________ captures keystrokes, or user entries, and then forwards that information to the attacker.
A: keystroke logger

Q: Unlike viruses, worms do not require a host program in order to survive and replicate.
A: True

Q: The worm has to trick users into running it.
A: False

Q: Many Trojans spread through e-mail messages or Web site downloads.
A: True

Q: A successful DoS attack crashes a server or network device or creates so much network congestion that authorized users cannot access network resources.
A: True

Q: The ________________________________________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
A: American National Standards Institute (ANSI)

Q: The stated purpose of the ____ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.
A: W3C

Q: The purpose of the _____ is to "make the Internet work better." It focuses on the engineering aspects of Internet communication and attempts to avoid policy and business questions. It is an open organization, and it has no membership requirements.
A: IETF

Q: _____________________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents.
A: A Request for Comment (RFC)

Q: The letters of the C-I-A triad stand for ________________________________________.
A: confidentiality, integrity, and availability

Q: The National Institute of Standards and Technology is ___________________.
A: a federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."

Q: _______ is a person's right to control the use and disclosure of his or her own personal information.
A: Privacy

Q: In the legal system, __________ is the act of following laws, rules, and regulations that apply to organizations.
A: compliance

Q: The regulating agency for the Federal Information Systems Management Act is the __________________________.
A: Office of Management and Budget

Q: The regulating agency for the Gramm-Leach-Bliley Act is the _____.
A: FTC

Q: FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ____________________________.
A: security awareness training

Q: Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a ____________________________.
A: business associate

Q: Information regulated under the Gramm-Leach-Bliley Act is ____________________________.
A: consumer financial information

Q: Information regulated under the Sarbanes-Oxley Act is ____________________________.
A: corporate financial information

Q: FISMA applies to all privately held companies and their IT systems.
A: False