Exam 2 Flashcards

(50 cards)

1
Q

Service level agreement (SLA)

A

This type of agreement is a formal contract between your organization and the outside firm that details the specific services the firm will provide

2
Q

Blanket purchase agreement (BPA)

A

A streamlined method of meeting recurring needs for supplies or services, a BPA creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services. BPAs can be very helpful in simplifying the process of recurring purchases

3
Q

Memorandum of understanding (MOU)

A

Also called a letter of intent, a MOU is an agreement between two or more parties that expresses areas of common interest that result in shared actions. MOUs are generally less enforceable than a formal agreement but still more formal than an oral agreement.

4
Q

Interconnection security agreement (ISA)

A

Often an extension of a MOU, the ISA serves as an agreement that documents the technical requirements of interconnected assets. This type of document is most often used to specify the technical needs and security responsibilities of connected organizations.

5
Q

Discretionary access control (DAC)

A
  • Operating systems-based DAC policy considerations (access control method, new user registration, periodic review)
  • Application-based DAC
  • Permission levels
6
Q

Waterfall Method

A

Based on traditional project management practices in which extensive planning precedes any development. Progress through a project moves forward along a well-defined path. (Mnemonic: stairs going down.)

7
Q

Agile Method

A

A newer family of project management approaches that depend on very short sprints of activity. Agile works well in very dynamic environments where requirements change and are often revisited. (Mnemonic: blender.)

8
Q

SQL injection

A

A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution

9
Q

Cross-site scripting

A

A type of injection in which malicious scripts are injected into otherwise benign and trusted websites; the practice of getting a webpage to do something that is not intended. Adding JavaScript to a request can cause additional requests to other servers that include sensitive information, which the other server can record.

10
Q

Identification

A

Who is asking to access the asset? Someone claims an identity.

11
Q

Authentication

A

Can their identities be verified? Proving identity.

12
Q

Accountability

A

How are actions traced to an individual to ensure the person who makes data or system changes can be identified?

13
Q

Authorization

A

What, exactly, can the requestor access? And what can they do?

14
Q

Job rotation

A

A policy that compels employees to rotate into different jobs, or at least rotate some of their duties, to prevent fraud, because employees know another person will soon be assuming their duties

15
Q

Least privilege

A

Every module (such as a process, a user, or a program) must be able to access only the information and resources that are necessary for its legitimate purpose

16
Q

Separation of duties

A

Key concept of internal control: disseminate tasks and associated privileges for a specific security process among multiple people; this restricts the amount of power or influence held by any individual

17
Q

Outsourcing security

A

Advantages:

  • High level of expertise because it focuses on security

Disadvantages:

  • The outsourcing firm might not possess internal knowledge
  • You won’t develop in-house capability or talent and have to continue to pay for these services indefinitely
18
Q

Ethics

A
  • Set the example
  • Encourage adopting ethical guidelines and standards
  • Inform users through security awareness training
  • A code of ethics helps ensure professionalism
19
Q

Information security awareness programs

A

Plan, implement, operate and maintain, monitor and evaluate

20
Q

Authorization

A

What, exactly, can the requestor access? And what can they do?

21
Q

Rule-based access control

A

Focused on the rules associated with the data’s access or restrictions; these rules may be parameters such as allowing access only from certain IP addresses or denying access from certain IP addresses

22
Q

False positive error

A

When a scanner or intrusion prevention system flags a security vulnerability that you do not have

23
Q

False negative error

A

When you’re told you don’t have a vulnerability when in fact you do

24
Q

Cloud computing (Advantages/Disadvantages)

A

Advantages:

  • No need to maintain a data center
  • No need to maintain a disaster recovery site
  • Outsourced responsibility for performance and connectivity
  • On-demand provisioning

Disadvantages:

  • More difficult to keep private data secure
  • Greater danger of private data leakage
  • Demand for constant network access
  • Client needs to trust the outside vendor

25
Q

MAC filtering

A

Security access control method whereby the MAC address assigned to each network card is used to determine access to the network; each network card is assigned a 48-bit address, which is used to determine whether we can access a network or not

26
Q

Network monitoring

A

Does the organization have sufficient monitoring systems to detect unauthorized access?

27
Q

Auditing

A
  • A crucial type of evaluation to avoid a data breach
  • Auditing a computer system involves checking to see how its operation has met security goals
  • Audit tests may be manual or automated

28
Q

Monitoring

A
  • Monitor traffic with an IDS, which identifies abnormal traffic for further investigation
  • Use an IPS to actively block malicious traffic

29
Q

Audit data collection methods

A
  • Questionnaires
  • Interviews
  • Observation
  • Checklists
  • Reviewing documentation
  • Reviewing configurations
  • Reviewing policy
  • Performing security testing

30
Q

Intrusion detection methods

A
  • Host IDS: a host intrusion detection system, excellent for "noticing" activity in a computer as the activity is happening
  • System integrity monitoring: systems such as Tripwire enable you to watch computer systems for unauthorized changes and report them to administrators in near real time
  • Data loss prevention (DLP): uses business rules to classify sensitive information to prevent unauthorized end users from sharing it
  • Application logging: all applications that access or modify sensitive data should have logs that record who used or changed the data and when
  • System logging: provides records of who accessed the system and what actions they performed on the system

31
Q

Plain text/clear text

A

Unencrypted information pending input into cryptographic algorithms; clear text usually refers to data that is transmitted or stored unencrypted

32
Q

Key distribution methods

A
  • Paper distribution
  • Digital distribution (CDs or email); must protect keys in transit
  • Hardware (PCMCIA card, smart card, plug-in module)

33
Q

WEP

A

Wired Equivalent Privacy is a security protocol that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN

34
Q

WPA

A

WPA (Wi-Fi Protected Access) is a Wi-Fi security technology developed in response to the weaknesses of WEP, improving upon WEP's authentication and encryption features

35
Q

Hash

A
  • Like a checksum, but operates so that a forged message will not result in the same hash as a legitimate message
  • Is usually a fixed size
  • Acts as a fingerprint for data
  • Helps detect forgeries: computes a checksum of a message and combines the checksum with a cryptographic function so that the result is tamperproof
  • A checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message
  • Usually a fixed size, resulting in a hash value, which is larger than checksum values

36
Q

Caesar cipher

A

Each letter in the English alphabet is shifted a fixed number of positions, with Z wrapping back to A

37
Q

Stream encryption

A

Encrypts one byte (or bit) at a time

38
Q

Block encryption

A

Encrypts an entire block of data at a time

39
Q

Dictionary attack

A

A form of brute-force attack for defeating a cipher or authentication mechanism: it tries to determine the decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary

40
Q

Rainbow table attack

A

A type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.

41
Q

Brute-force attack

A

The simplest method of gaining access to a site or server: trying various combinations of usernames and passwords again and again until it gets in

42
Q

WPA2

A

Better than WPA; further improves the security of a network because it requires using a stronger encryption method called AES

43
Q

Two-factor authentication

A

Security process in which the user provides two different authentication factors to verify themselves

44
Q

Types of authentication

A
  • Knowledge (something you know)
  • Ownership (something you have)
  • Characteristics (something unique to you)
  • Location (somewhere you are)
  • Action (something you do/how you do it)

45
Q

Validation

A

Provide timely authorization to use or manipulate information or resources

46
Q

Certification

A

Endorse information by a trusted entity

47
Q

Witnessing

A

Verify the action to create an object, or verify an object's existence, by an entity other than the creator

48
Q

Public/Private key

A
  • Private key: the same key is used for encrypting and decrypting (symmetric)
  • Public key: two keys are used; one key is used for encryption and another is used for decryption (asymmetric)

49
Q

Caesar cipher

A

Each letter in the English alphabet is shifted a fixed number of positions, with Z wrapping back to A; symmetric/stream/substitution

50
Q

Cryptanalysts (what do they do and methods)

A

Cryptanalysts develop mathematical methods and codes that protect data from computer hackers. Methods:
  • Ciphertext-only attack (COA): a sample of ciphertext is available, but not the plaintext associated with it
  • Known-plaintext attack (KPA): the ciphertext and the corresponding plaintext are both available
  • Chosen-plaintext attack
  • Chosen-ciphertext attack
Cryptanalyst develops mathematical methods and codes that protect data from computer hackers - Ciphertext-only attack (COA): the sample of ciphertext is available, but not the plaintext associated with it - Known-plaintext attack (KPA): the ciphertext and the corresponding plaintext are both available - Chosen-plaintext attack - Chosen-ciphertext attack