is an action that could damage an asset
which law requires all types of financial institutions to protect customers private financial information
Gramm-Leach-Bliley Act (GLBA)
an AUP is part of a layered approach to security, and it supports confidentiality. what else supports confidentiality?
cryptography and encryption
is a detailed written definition of how software and hardware are to be used?
are common types of data classification standards
private, confidential, internal use only, top secret, secret
what does a lapse in a security control or policy create
is a weakness in a system that makes it possible for a threat to cause it harm
vulnerabilities and threats
terms refers to the likelihood of exposure to danger
which type of hacker intends to be helpful
white hat
which domain is primarily affected by weak endpoint security on a vpn client
remote access domain
identify two phases of the access control process
authorization, authentication
you log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. this is an example of which of the following
What are the types of authentication
knowledge, ownership, characteristics
identify an example of an access control formal model
discretionary access control (DAC), mandatory access control (MAC), non-discretionary access control
which access control model is based on a mathematical theory published in 1989 to ensure fair competition
brewer and nash integrity model
are primary categories of rules that most organizations must comply with
regulatory and organizational compliance
are a part of an ordinary it security policy framework
standards, procedures, policies, and guidelines
helps you determine the appropriate access to classified data
data classification standards
refers to the management of baseline settings for a system device
configuration controls
identify a primary step of the SDLC
project initiation and planning, functional requirements definition, system-design specification, build document, acceptance testing, implementation
is a process to verify policy compliance
security auditing
when monitoring a system for anomalies, the system is measured against
is not a type of penetration test
black-box testing
identify a drawback of log monitoring
cost effective, takes a large amount of disk space
are types of monitoring devices
intrusion detection systems (IDS), intrusion prevention systems (IPS) and firewalls
identify a primary component of risk management
reduction, avoidance, mitigation
is not a part of a quantitative risk assessment?
what are the primary components of business continuity management (BCM)
determines the extent of the impact that a particular incident would have on business operations over time
business impact analysis (BIA)
what does risk management directly affect
security controls
is a cipher that shifts each letter in the English alphabet a fixed number of positions, with z wrapping back to a
caesar cipher
identify a security objective that adds value to a business
is an asymmetric encryption algorithm
Rivest Shamir Adleman (RSA)
identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature
is a mechanism for accomplishing confidentiality, integrity, authentication and nonrepudiation
in which OSI layer do you find FTP, HTTP, and other programs that end users interact with
application layer
identify the configuration that is best for networks with varying security levels, such as general users, a group of users working on a secret research project, and a group of executives
multilayered firewalls
would you not expect to find on a large network
is a weakness of WLANs
SSID beaconing
identify an advantage of IPv6 vs. IPv4
larger address space
identify one of the first computer viruses to appear in the world
lehigh virus
are primary types of computer attacks
unstructured, structured, direct and indirect
how do worms propagate to other systems
by using the network communication protocol
type of program is also commonly referred to as a trojan horse
which defense in depth layer involves the use of chokepoints
how does a standard differ from a compliance law
a law can require a standard to be met
is not a principle of the PCI DSS
maintain a change management program
identify the compliance law that requires adherence to the minimum necessary rule
identify the compliance law whose primary goal is to protect investors from financial fraud
SOX act
U.S. organizations must comply with
federal laws and laws of the states where they are located