Chapter 8: Security

Question 1

To ensure that that the user can only access the information resources that are appropriate. It determines which users can authorized to read, modify, add, and/or delete information.

Answer 1

Access Control

Question 2

An acceptable usage policy or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.

Answer 2

Acceptable Use Policies (AUP)

Question 3

Which identifies a list of users who have the capability to take specific actions with an information resource such as data files. Specific permissions are assigned to each user such as read, write, delete, or add. Only users with those permissions are allowed to perform those functions.

Answer 3

ACL

Question 4

Are software that can be installed on a computer or network to detect and remove known malicious programs like viruses, and spyware. While …provide some protection they are a reactive defense in that they must first understand what to look for.

Answer 4

Antivirus Programs

Question 5

Making sure a person is who they say they are. Three factor identification: Identifying someone: something they know, something they have, or something they are.

Answer 5

Authentication

Question 6

That information can be accessed and modified by anyone authorized to do so in appropriate timeframe.

Answer 6

Availability

Question 7

The procedure for making extra copies of data in case the original is lost or damaged.

Answer 7

Backup

Question 8

A type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. Example, a fingerprint scan.

Answer 8

Biometric Authentication

Question 9

Protecting information, to be able to restrict access to only those who are allowed to see it.

Answer 9

Confidentiality

Question 10

(Also referred to as computer crime) is an illegal activity that is committed with the use of a computer, or where a computer is the object of the crime.

Answer 10

Cybercrime

Question 11

Attack does exactly what the term suggests: it prevents a web server from servicing authorized users.

Answer 11

Denial-of-Service (DoS)

Question 12

One of the most common ways thieves steal corporate information is the theft of employee laptops while employees are traveling. Employees should be trained to secure their equipment whenever they are away from the office.

Answer 12

Employee Training

Question 13

The process of encoding data upon its transmission or storage so that only authorized individuals can read it.

Answer 13

Encryption

Question 14

An organization’s servers and other high value equipment should always be kept in a room that is monitored for temperature, humidity, and airflow. The risk of a server failure rises when these factors exceed acceptable ranges

Answer 14

Environmental Monitoring

Question 15

A software program or hardware device that is used to increase security on its network by blocking unwanted messages/data.

Answer 15

Firewall

Question 16

When someone accesses a computer without permission.

Answer 16

Hacking

Question 17

When a criminal gains access to your personal information and uses it without your knowledge.

Answer 17

Identity Theft

Question 18

The assurance that the information being accessed has not been altered and truly represents what is intended.

Answer 18

Integrity

Question 19

Works to provide the functionality to identify if the network is being attacked.

Answer 19

Intrusion Detection System (IDS)

Question 20

It may seem obvious, but all the security in the world is useless if an intruder can simply walk in and physically remove a computing device. High value information assets should be secured in a location with limited access.

Answer 20

Locked doors

Question 21

A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Answer 21

Multifactor authentication

Question 22

Occurs when a user receives an e-mail that looks as if it is from a trusted source, such as their bank or employer. In the e-mail the user is asked to click a link and log in to a website that mimics the genuine website, then enter their ID and password.

Answer 22

Phishing

Question 23

High value information assets should be monitored through the use of security cameras and other means to detect unauthorized access to the physical locations where they exist.

Answer 23

Physical Intrusion Detection

Question 24

The protection of the actual hardware and networking components that store and transmit information resources.

Answer 24

Physical Security

Question 25

which is the illegal copying and distribution or use of software

Answer 25

Piracy

Question 26

Two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses their private key to decode it. The public key can be given to anyone who wishes to send the recipient a message..

Answer 26

Public Key Encryption

Question 27

Instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access. This allows the administrators to manage users and roles separately, simplifying administration and, by extension, improving security.

Answer 27

RBAC

Question 28

Devices should be locked down to prevent them from being stolen. One employee’s hard drive could contain all of your customer information, so it is essential that it be secured.

Answer 28

Secured Equipment

Question 29

A technique where culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source.(

Answer 29

Spoofing

Question 30

when criminals lure individuals into sending them personal, confidential data that can be used in crime. For example, someone phones you posing as a customer service representative asking for your banking log-on information.

Answer 30

Social Engineering

Question 31

Where both parties share the encryption key. Encryption makes information secure as the message is sent in code and appears to those without the public key as a random series of letters and numbers.

Answer 31

Symmetric Key Encryption

Question 32

A device that provides battery backup to critical components of the system, allowing they system to stay online longer and/or allowing the IT Staff to shut them down using proper procedures in order to prevent the data loss that might occur from power failure.

Answer 32

Universal Power Supply (UPS)

Question 33

A virtual private network allows user who are outside of a corporate network to take a detour around the firewall and access the internal network from the outside.

Answer 33

VPN