Domain 2 Flashcards
(42 cards)
Filip installs and integrates a non-discretionary system. Which access control policy gets enforced?
Role based
Users get their privileges from their role.
Annette has decided to use a passphrase instead of a dictionary-word password for better security. What does her new password convert into?
Virtual password
Systems today convert the password into a hash so that if the system gets hacked, the attacker only has password hashes instead of the actual passwords. The hash acts as a virtual password because its value authenticates the user, not the password itself.
Hubert desires the best and most expensive security protection for their firm. Which of the following should they select?
Passwords
Smart cards
Palm vein scanner
Fingerprint reader
Palm vein scanner
The control category that reacts after an incident is called
Corrective
Allison is a security manager charged with investigating a recent breach of the corporate network. What control category does this fall under?
Detective
Riley is performing a security audit for a customer and finds several cases where users can access data without a formal access approval procedure. Riley recommends a formal access approval process to fix the issue. Which role approves policies for users to gain access to data?
Data owner
Data owners are responsible for allowing access to the data they own. Data owners approve access policies and then operations implements them.
A company is setting up an IDS that is rule-based. A rule-based IDS contains which of the following?
If statements
Passive entities that subjects access are called what?
Objects
Providing a user with access to resources, the step that follows authentication, is called
Authorization
What type of risk exists when several entities or orgs are involved in a project? The risks or threats are often due to variations in objectives, expectations, timelines, budgets and security priorities.
Multiparty risk
What is the weakness in an asset, or the absence or weakness of a safeguard or countermeasure?
Vulnerability
Anything used in a business process or task
Asset
Being susceptible to asset loss because of a threat; there is a possibility that a vulnerability can or will be exploited
Exposure
The possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset, and the severity of damage that could result
Risk
Any potential occurrence that may cause an undesirable or unwanted outcome for an org or for a specific asset
Threat
When evaluating safeguards, what is the rule that should be followed in most cases?
The annual costs of safeguards should not exceed the expected annual cost of asset value loss
What is a valid definition of risk?
An assessment of probability, possibility or chance
Risk=threat*vulnerability
Every instance of exposure
What is the level of natural, native or default risk that exists in an environment, system or product prior to any risk management efforts being performed?
Inherent risk
Phishing, hoax, watering hole and vishing are examples of social engineering attacks
True
What is it called when the behavior of users, objects, visitors and customers is analyzed for a specific goal or purpose?
UEBA and UBA
Should a user's account be disabled as soon as possible when they are terminated?
True
What ensures that orgs providing services maintain an appropriate level of service agreed on by both the service provider, vendor or contractor and the customer org?
SLA
Are SLAs important when using any type of third-party services?
True
What is the detailed process of identifying factors that could damage or disclose assets, evaluating those factors in light of asset value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk?
Risk management