A comprehensive list of security concepts and definitions relevant to the (ISC)2 Systems Security Certified Practitioner (SSCP) exam. It covers a wide range of topics, including access control, authentication, cryptography, network security, and risk management. Each term is defined clearly and concisely, making it a valuable resource for exam preparation.
Access Control Object - Correct answer-A passive entity that typically receives or contains some form of data.
Access Control Subject - Correct answer-An active entity and can be any user, program, or process that requests permission to cause data to flow from an access control object to the access control subject or between access control objects.
Asynchronous Password Token - Correct answer-A one-time password is generated without the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - Correct answer-Determines whether a user is permitted to access a particular resource.
Connected Tokens - Correct answer-Must be physically connected to the computer to which the user is authenticating.
Contactless Tokens - Correct answer-Form a logical connection to the client computer but do not require a physical connection.
Disconnected Tokens - Correct answer-Have neither a physical nor logical connection to the client computer.
Entitlement - Correct answer-A set of rules, defined by the resource owner, for managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management - Correct answer-The task of controlling information about users on computers.
Proof of Identity - Correct answer-Verify people's identities before the enterprise issues them accounts and credentials.
Kerberos - Correct answer-A popular network authentication protocol for indirect (third-party) authentication services.
Lightweight Directory Access Protocol (LDAP) - Correct answer-A client/server-based directory query protocol loosely based on X.500, commonly used to manage user information. LDAP is a front end and not used to manage or synchronize data per se, as opposed to DNS.
Single Sign-On (SSO) - Correct answer-Designed to provide strong authentication using secret-key cryptography, allowing a single identity to be shared across multiple applications.
Static Password Token - Correct answer-The device contains a password that is physically hidden (not visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - Correct answer-A timer is used to rotate through various combinations produced by a cryptographic algorithm.
Trust Path - Correct answer-A series of trust relationships that authentication requests must follow between domains.
6to4 - Correct answer-Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4 network.
Absolute addresses - Correct answer-Hardware addresses used by the CPU.
Abstraction - Correct answer-The capability to suppress unnecessary details so the important, inherent properties can be examined and reviewed.
Accepted ways for handling risk - Correct answer-Accept, transfer, mitigate, avoid.
Access - Correct answer-The flow of information between a subject and an object.
Access control matrix - Correct answer-A table of subjects and objects indicating what actions individual subjects can take upon individual objects.
Access control model - Correct answer-An access control model is a framework that dictates how subjects access objects.
Access controls - Correct answer-Are security features that control how users and systems communicate and interact with other systems and resources.
Accreditation - Correct answer-Formal acceptance of the adequacy of a system's overall security by management.
Active attack - Correct answer-Attack where the attacker does interact with processing or communication activities.
ActiveX - Correct answer-A Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. It is a framework for defining reusable software components in a programming language-independent manner.
Address bus - Correct answer-Physical connections between processing components and memory segments used to communicate the physical memory addresses being used during processing procedures.
Address resolution protocol (ARP) - Correct answer-A networking protocol used for resolution of network layer IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - Correct answer-Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Algebraic attack - Correct answer-Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions.
Algorithm - Correct answer-Set of mathematical and logic rules used in cryptographic functions.
Analog signals - Correct answer-Continuously varying electromagnetic wave that represents and transmits data.
Analytic attack - Correct answer-Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.
Annualized loss expectancy (ALE) - Correct answer-Annual expected loss if a specific vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - Correct answer-Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.
Arithmetic logic unit (ALU) - Correct answer-A component of the computer's processing unit, in which arithmetic and matching operations are performed.
AS/NZS 4360 - Correct answer-Australia and New Zealand business risk management assessment approach.
Assemblers - Correct answer-Tools that convert assembly code into the necessary machine-compatible binary language for processing activities to take place.
Assembly language - Correct answer-A low-level programming language that is the mnemonic representation of machine-level instructions.
Assurance evaluation criteria - Correct answer-Checklist and process of examining the security-relevant parts of a system (TCB, reference monitor, security kernel) and assigning the system an assurance rating.
Asymmetric algorithm - Correct answer-Encryption method that uses two different key types, public and private. Also called public key cryptography.
Asymmetric mode multiprocessing - Correct answer-When a computer has two or more CPUs and one CPU is dedicated to a specific program while the other CPUs carry out general processing procedures.
Asynchronous communication - Correct answer-Transmission sequencing technology that uses start and stop bits or similar encoding mechanism. Used in environments that transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - Correct answer-Employs a challenge/response scheme to authenticate the user.
Attack surface - Correct answer-Components available to be used by an attacker against the product itself.
Attenuation - Correct answer-Gradual loss in intensity of any kind of flux through a medium. As an electrical signal travels down a cable, the signal can degrade and distort or corrupt the data it is carrying.
Attribute - Correct answer-A column in a two-dimensional database.
Authentication Header (AH) Protocol - Correct answer-Protocol within the IPSec suite used for integrity and authentication.
Authenticode - Correct answer-A type of code signing, which is the process of digitally signing software components and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was digitally signed. Authenticode is Microsoft's implementation of code signing.
Availability - Correct answer-Reliable and timely access to data and resources is provided to authorized individuals.
Avalanche effect - Correct answer-Algorithm design requirement so that slight changes to the input result in drastic changes to the output.
Base registers - Correct answer-Beginning of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.
Baseband transmission - Correct answer-Uses the full bandwidth for only one communication channel and has a low data transfer rate compared to broadband.
Bastion host - Correct answer-A highly exposed device that will most likely be targeted for attacks, and thus should be hardened.
Behavior blocking - Correct answer-Allowing the suspicious code to execute within the operating system and watching its interactions with the operating system, looking for suspicious activities.
Confidentiality - Correct answer-Data is not disclosed to unauthorized users
Integrity - Correct answer-Prevents any unauthorized or unwanted modification of data
Availability - Correct answer-Ensures that IT systems and data are available when needed
Backups - Correct answer-Copies of data stored in case the original is stolen or becomes corrupt
Redundant disks - Correct answer-Provides fault tolerance by mirroring data on another drive. If the first drive fails, data is not lost since the system can automatically switch over to the other drive.
Redundant servers - Correct answer-Provides fault tolerance by having one or more entire systems available in case the primary one crashes.
Redundant connections - Correct answer-Provides fault tolerance by having redundant internet connections so if one fails, the organization still has connectivity
Redundant sites - Correct answer-Hot, cold, or warm sites are planned for business continuity in case of emergency. Hot sites are ready at a moment's notice. Cold sites are empty buildings with just electricity and running water. Warm sites are hybrids.
Hashing - Correct answer-These algorithms provide data integrity only
Defense in Depth - Correct answer-A defense that uses multiple types of security devices to protect a network. Also called layered security.
Authentication - Correct answer-Identifies user(s)
Authorization - Correct answer-Defines what the user(s) can access
Accounting - Correct answer-Tracking user(s) activities.
Accountability - Correct answer-Underlying goal of the AAAs of security. The trait of being willing to take responsibility for your actions
Nonrepudiation - Correct answer-A user cannot deny any particular act that he or she did on the IT system
Least Privilege - Correct answer-Providing only the minimum amount of privileges necessary to perform a job or function.
Separation of Duties - Correct answer-Distributing tasks and associated privileges among multiple people; the primary objective is to prevent fraud and errors
Due Diligence - Correct answer-Necessary level of care and attention that is taken to investigate an action before it is taken. (Look before jumping)
Due Care - Correct answer-The requirement that a professional exercise reasonable ability and judgement in a specific circumstance, the absence of which constitutes negligence. Also called standard of care.
Three Factors of Authentication - Correct answer-Something you... know, have and are
False Reject Rate - Correct answer-The percentage or value associated with the rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device.
False Accept Rate - Correct answer-The percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device.
Crossover Error Rate - Correct answer-The crossover error rate, also called the equal error rate, is the point at which the number of false positives matches the number of false negatives in a biometric system. Select the system with the lowest crossover error rate within your budget.
Multifactor Authentication - Correct answer-A form of authentication where a user must use two or more factors to prove his or her identity.
Single Sign-on Authentication - Correct answer-Authenticate once to access multiple resources
Centralized Authentication - Correct answer-Credentials for the users are stored on a central server. Any user is able to log on to the network once and then access any computer in the network (as long as the user has permissions). For example, if a computer is part of a Microsoft domain, the central server will be a domain controller and hold accounts for all users in the domain.
Decentralized Authentication - Correct answer-Every computer has a separate database that stores credentials. If a user needed to log on to all four computers in this network, he or she would need to have four separate sets of credentials, one for each system.
Offline Authentication - Correct answer-Allows users who have logged in to the system at one time to still log in even when they are disconnected from a network. In a Windows environment, the system uses cached credentials. (A user will not be able to access network resources while using cached credentials. The user can only access resources on the local system using these offline credentials.)
One-Time Passwords - Correct answer-Passwords created to be used only once. Because it's used only once, there's little risk of the password being reused even if an attacker is able to capture it while it is transmitted.
Subject - Correct answer-Accesses a resource (ex: users, computers, applications, networks)
Object - Correct answer-The resource being accessed (ex: data, hardware, applications, networks, facilities)
Logical Access Control - Correct answer-A mechanism that limits access to computer systems and network resources.
Access Control Lists - Correct answer-These lists are used to identify systems and specify which users, protocols, or services are allowed
Security Kernel - Correct answer-Consists of several components including software, firmware, and hardware. They represent all the security functionality of the operating system.
Physical Access Control - Correct answer-A mechanism that limits access to physical resources, such as buildings or rooms (ex: locked doors, alarm systems, cipher locks, CCTVs, guards)
Access Control Models - Correct answer-Regulate the admission of users into trusted areas of the organization, both logical access to information systems and physical access to the organization's facilities
Discretionary Access Control (DAC) - Correct answer-The least restrictive access control. It is an access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to a file and what privileges they have.
Non-Discretionary Access Control (Non-DAC) - Correct answer-Access rules are closely managed by the security administrator. Offers stronger security than DAC because it does not rely only on users' compliance
Mandatory Access Control (MAC) - Correct answer-The most restrictive access control. Users are assigned a security level or clearance, and when they try to access an object, their clearance level is compared to the object's sensitivity level. If they match, the user can access the object; if not, the user is denied access
Bell-LaPadula Model - Correct answer-Security model that deals only with confidentiality. Two rules: simple security property rule, the star property rule
Simple Security Property Rule - Correct answer-No read up. No subject can read information from an object with a security classification higher than that possessed by the subject itself.
The * Property (Star-property) Rule - Correct answer-No write down. Subjects granted access to any security level may not write to any object at a lower security level.
Biba Model - Correct answer-Security model that deals only with integrity.
Simple Integrity Axiom - Correct answer-No read down. Subjects granted access to any security level may not read an object at a lower security level
The * Integrity Axiom (Star Integrity Axiom) - Correct answer-No write up. Subjects granted access to any security level may not write to any object at a higher security level
Clark-Wilson - Correct answer-Subjects can access data only through programs (access triple - user, object, program), ensuring separation of duties, and requiring auditing
Chinese Wall (Brewer-Nash) - Correct answer-Provides a barrier between these two groups of employees by classifying data
Role-based Access Control (RBAC) - Correct answer-Use roles to determine access.
Provisioning - Correct answer-Configuration and allocation of resources to meet the capacity, availability, performance, and security requirements.
Entitlement - Correct answer-The privileges granted to users. Following the principle of least privilege is important here.
Cloud Computing - Correct answer-Any type of computing services provided over the Internet
Software-as-a-Service (SaaS) - Correct answer-Cloud computing vendors provide software that is specific to their customers' requirements
Platform-as-a-Service (PaaS) - Correct answer-Provides users with an operating system available over the internet, without the need for users to purchase the hardware and software
Infrastructure-as-a-Service (IaaS) - Correct answer-Sometimes called hardware-as-a-service. Users rent access to hardware such as servers and networking infrastructure.
Virtualization - Correct answer-When one physical machine hosts multiple activities that are normally done on multiple machines.
Availability - Correct answer-Refers to the ability to access and use information systems when and as needed to support an organization's operations.
Breach - Correct answer-The intentional or unintentional release of secure information to an untrusted environment.
CMDB - Correct answer-A configuration management database (CMDB) is a repository that contains a collection of IT assets that are referred to as configuration items.
Compensating Controls - Correct answer-Introduced when the existing capabilities of a system do not support the requirements of a policy.
Confidentiality - Correct answer-Refers to the property of information in which it is only made available to those who have a legitimate need to know.
Configuration Management (CM) - Correct answer-A discipline that seeks to manage configuration changes so that they are appropriately approved and documented, so that the integrity of the security state is maintained, and so that disruptions to performance and availability are minimized.
Corrective Control - Correct answer-These controls remedy the circumstances that enabled unwarranted activity, and/or return conditions to where they were prior to the unwanted activity.
COTS - Correct answer-A Federal Acquisition Regulation (FAR) term for commercial off-the-shelf (COTS) items that can be purchased in the commercial marketplace and used under government contract.
Deduplication - Correct answer-A process that scans the entire collection of information looking for similar chunks of data that can be consolidated.
Defense-in-depth - Correct answer-Provision of several overlapping subsequent limiting barriers with no respect to one safety or security threshold, so that the threshold can only be surpassed if all barriers have failed.
Degaussing - Correct answer-A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.
Deluge System - Correct answer-A fire suppression system with open sprinkler heads; water is held back until a detector in the area is activated.
Deterrent Control - Correct answer-Controls that prescribe some sort of punishment, ranging from embarrassment to job termination or jail time for noncompliance. Their intent is to dissuade people from performing unwanted acts.
Directive Control - Correct answer-Controls dictated by organizational and legal authorities.
Dry System - Correct answer-A fire suppression system that does not have water in the pipes until the electric valve is stimulated by excess heat.
Dual Control - Correct answer-A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource, such that no single entity acting alone can access that resource.
Information Rights Management (IRM) - Correct answer-Assigns specific properties to an object such as how long the object may exist, what users or systems may access it, and if any notifications need to occur when the file is opened, modified, or printed.
Integrity - Correct answer-The property of information whereby it is recorded, used, and maintained in a way that ensures its completeness, accuracy, internal consistency, and usefulness for a stated purpose.
IT Asset Management (ITAM) - Correct answer-Entails collecting inventory and financial and contractual data to manage the IT asset throughout its life cycle.
Least Privilege - Correct answer-A security principle in which any user/process is given only the necessary, minimum level of access rights (privileges) explicitly, for the minimum amount of time, in order for it to complete its operation.
Non-repudiation - Correct answer-A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed signatory.
Pre-action System - Correct answer-A fire suppression system that contains water in the pipes but will not release the water until detectors in the area have been activated. This can eliminate concerns of water damage due to accidental or false activation.
Preventive Control - Correct answer-Controls that block unwanted actions.
Privacy - Correct answer-The rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information.
Procedures - Correct answer-Step-by-step instructions for performing a specific task or set of tasks.
Release Management - Correct answer-A software engineering discipline that controls the release of applications, updates, and patches to the production environment.
Release Management Policy - Correct answer-Specifies the conditions that must be met for an application or component to be released to production, roles and responsibilities for packaging, approving, moving, and testing code releases, and approval and documentation requirements.
Release Manager - Correct answer-Responsible for planning, coordination, implementation, and communication of all application releases.
Separation of Duties - Correct answer-An operational security mechanism for preventing fraud and unauthorized use that requires two or more individuals to complete a task or perform a specific function.
Systems Integrity - Correct answer-The maintenance of a known good configuration and expected operational function.
What are two popular frameworks for information security? - Correct answer-NIST 800 series and ISO 27000 series
What is ISO 27000? - Correct answer-Information security management systems overview
What is ISO 27001? - Correct answer-Information security management requirement system evaluation
What is ISO 27002? - Correct answer-ISMS taking risk appetite into consideration
What is ISO 27003? - Correct answer-ISMS implementation guidance
What is ISO 27004? - Correct answer-Measurement of ISMS
What is ISO 27005? - Correct answer-Information security risk management
What are 3 types of security policies? - Correct answer-Operational, functional, organizational
Describe the hierarchy from policy to guidelines - Correct answer-Policy, regulations, baselines, procedures, guidelines
What is Microsoft SDL? - Correct answer-Security Development Lifecycle
What is a hot patch? - Correct answer-Applied to a system without the need to turn it off
What is a patch? - Correct answer-Software meant to improve usability
What are the three states of data? - Correct answer-Rest, transit, and process
Name two parts to a data classification system - Correct answer-Subjects and objects
Name some characteristics of objects - Correct answer-Objects are accessed by subjects and given labels of classified or sensitive
What are two characteristics of a subject? - Correct answer-Active, clearance levels, and access objects
What is the current encryption standard for long term storage? - Correct answer-AES
What is NAC? - Correct answer-Network access control is used to check the health of endpoint devices
What are 3 components used in endpoint defense? - Correct answer-Firewall, HIDS and antivirus
What is a BIA? - Correct answer-Business impact analysis
Describe business impact analysis - Correct answer-Categorize systems on importance and determine how long the business can function without their activities
What are supporting documents to a BCP? - Correct answer-DRP, BIA, BCP testing, BCP maintenance, personnel succession
What is another name for a partnership site? - Correct answer-Reciprocal: two companies share resources in event of disaster
What is the minimum distance an alternate site should be? - Correct answer-20 miles
What is a virtual site? - Correct answer-IaaS provides backup or disaster recovery in the cloud
What is the 3rd canon? - Correct answer-Provide competent and diligent service

Multi-partite viruses perform which functions?
A. Infect multiple partitions
B. Infect multiple boot sectors
C. Infect numerous workstations
D. Combine both boot and file virus behavior
Correct answer-D. Combine both boot and file virus behavior

A salami attack refers to what type of activity?
A. Embedding or hiding data inside of a legitimate communication - a picture, etc.
B. Hijacking a session and stealing passwords
C. Committing computer crimes in such small doses that they almost go unnoticed
D. Setting a program to attack a website at 11:59 am on New Year's Eve
Correct answer-C. Committing computer crimes in such small doses that they almost go unnoticed

A standardized list of the most common security weaknesses and exploits is the __________.
A. SANS Top 10
B. CSI/FBI Computer Crime Study
C. CVE - Common Vulnerabilities and Exposures
D. CERT Top 10
Correct answer-C. CVE - Common Vulnerabilities and Exposures

What is the main difference between computer abuse and computer crime?
A. Amount of damage
B. Intentions of the perpetrator
C. Method of compromise
D. Abuse = company insider; crime = company outsider
Correct answer-B. Intentions of the perpetrator

DES - Data Encryption Standard has a 128 bit key and is very difficult to break.
A. True
B. False
Correct answer-B. False

HTTP, FTP, SMTP reside at which layer of the OSI model?
A. Layer 1 - Physical
B. Layer 3 - Network
C. Layer 4 - Transport
D. Layer 7 - Application
E. Layer 2 - Data Link
Correct answer-D. Layer 7 - Application

____________ is a file system that was poorly designed and has numerous security flaws.
A. NTS
B. RPC
C. TCP
D. NFS
E. None of the above
Correct answer-D. NFS

Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?
A. True
B. False
Correct answer-B. False

_____ is the authoritative entity which lists port assignments.
A. IANA
B. ISSA
C. Network Solutions
D. Register.com
E. InterNIC
Correct answer-A. IANA

What security principle is based on the division of job responsibilities - designed to prevent fraud?
A. Mandatory Access Control
B. Separation of Duties
C. Information Systems Auditing
D. Concept of Least Privilege
Correct answer-B. Separation of Duties

A Security Reference Monitor relates to which DoD security standard?
A. LC3
B. C2
C. D1
E. None of the items listed
Correct answer-B. C2

Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
A. Layer 7 - Application Layer
B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers
C. Layer 3 - Network Layer
D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers
Correct answer-D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers

The ultimate goal of a computer forensics specialist is to ___________________.
A. Testify in court as an expert witness
B. Preserve electronic evidence and protect it from any alteration
C. Protect the company's reputation
D. Investigate the computer crime
Correct answer-B. Preserve electronic evidence and protect it from any alteration

There are 5 classes of IP addresses available, but only 3 classes are in common use today; identify the three: (Choose three)
A. Class A: 1-126
B. Class B: 128-191
C. Class C: 192-223
D. Class D: 224-255
E. Class E: 0.0.0.0 - 127.0.0.1
Correct answer-A. Class A: 1-126; B. Class B: 128-191; C. Class C: 192-223

The ability to identify and audit a user and his / her actions is known as ____________.
A. Journaling
B. Auditing
C. Accessibility
D. Accountability
E. Forensics
Correct answer-D. Accountability

IKE - Internet Key Exchange is often used in conjunction with what security standard?
A. SSL
B. OPSEC
C. IPSEC
D. Kerberos
E. All of the above
Correct answer-C. IPSEC

The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
A. Spoofing
B. Hijacking
C. Man In The Middle
D. Social Engineering
E. Distributed Denial of Service (DDoS)
Correct answer-C. Man In The Middle