IS3340 CHAPTER 1 Flashcards Preview

IS3340 SEC. STRAT. IN WINDOWS PLATFORM & APPS. > IS3340 CHAPTER 1 > Flashcards

Flashcards in IS3340 CHAPTER 1 Deck (39):
1

A management action, written policy, procedure, guideline, regulation, law, or rule of any kind is called ___?

ADMINISTRATIVE CONTROL

2

Availability, Integrity, Confidentiality -- goals of information security is called ___?

A-I-C TRIAD

3

Any person or program that attempts to interact with a computer information system in an unauthorized manner is called ___?

ATTACKER

4

Any person or program that possesses permission to access a resource is called ___?

AUTHORIZED USER

5

The assurance that requested information is available to authorized uses upon request is called?

AVAILABILITY

6

A collection of computer and network devices connected to one or more networks, generally for the purpose of fulfilling business functions is called ___?

COMPUTER ENVIRONMENT

7

The assurance that information can only be accessed and viewed by authorized users is called ___?

CONFIDENTIALITY

8

A control that repairs the effects of damage from an attack. This includes virus removal procedures, firewall table updates, and user authorization database updates and is called ___?

CORRECTIVE CONTROL

9

A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource is called ___?

DEFENSE IN DEPTH

10

A control that detects when an action has occurred. This includes smoke detectors, log monitors, and system audits and is called ___?

DETECTIVE CONTROL

11

An agreement between the software producer and the end user. It addresses issues regarding approved use and liability. This is called ___?

END USER LICENSE AGREEMENT (EULA)

12

The practice of ensuring electronic information is safe from unauthorized use and accessible for authorized use is called ___?

INFORMATION SYSTEMS SECURITY

13

The assurance that information can be modified only by authorized users is called ___?

INTEGRITY

14

An alternate term for technical control is called ___?

LOGICAL CONTROL

15

Software that is designed to infiltrate a target computer and make it do something the attacker has instructed it to do is called ___?

MALICIOUS SOFTWARE

16

A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher is called ___?

PHYSICAL CONTROL

17

A control that stops an action before it occurs and includes locked doors, firewall rules, and user passwords is called ___?

PREVENTATIVE CONTROL

18

Any exposure to a threat is called a ___?

RISK

19

A mechanism used to protect information and related assets is called ___?

SECURITY CONTROL

20

A device or process that limits access to a resource. Examples would be user authentication, antivirus software, and firewalls. This is called ___?

TECHNICAL CONTROL

21

Any action that could lead to damage or loss is called ___?

THREAT

22

Any person or program that does not possess permission to access a resource is called ___?

UNAUTHORIZED USER

23

Any weakness that could allow a threat to be realized is called ___?

VULNERABILITY

24

Standalone malicious software programs that actively transmit themselves, generally over networks, to infect other computers is called ___?

WORMS

25

1. Which of the following is the best description of the defense in depth strategy?

1. Hiding protected resources behind multiple firewalls
2. Using multiple layers of security controls to protect resources
3. Fully securing the most important resources first
4. Staying current on as many known attacks as possible

Using multiple layers of security controls to protect resources

26

2. What is the main goal of information security ?

1. Protect information from unauthorized use
2. Catch as many unauthorized uses as possible
3. Protect information from unauthorized modification
4. Stop anonymous users from accessing information

Protect information from unauthorized use

27

3. Does turning off a computer make the information it contains secure?

1. Yes, because no unauthorized user can access information on a computer that is turned off
2. No, because the information might be copied somewhere else
3. Yes, because aggressive actions always result in more secure systems
4. No, because secure data must still be available to authorized users

No, because secure data must still be available to authorized users

28

4. Which of the following is the best description of a security control?

1. A mechanism to stop attacks before they occur
2. A rule that defines acceptable use of a computer
3. A mechanism that protects a resource
4. A device that detects unusual activity

A mechanism that protects a resource

29

5. Which of the following could be classified as a logical control?

1. Firewall
2. Fence
3. Acceptable use policy
4. Smoke detector

Firewall

30

6. Which of the following could be classified as a detective control?

1. Password
2. Door
3. Acceptable use policy
4. Log monitor

Log monitor

31

7. Which of the tenets of information security must directly serves the needs of authorized users?

1. Availability
2. Integrity
3. Confidentiality
4. None of the above

Availability

32

8. Which of the tenets of information security is most related to the "need to know" property?

1. Availability
2. Integrity
3. Confidentiality
4. None of the above

Confidentiality

33

9. Where is the most likely place a database management system would run?

1. Network device
2. Server
3. Thin client
4. Thick client

Server

34

10. Which Microsoft Windows Server 2008 R2 edition would be most appropriate for large-scale deployment using extensive virtualization?
1. Datacenter
2. HPC
3. Enterprise
4. Web

Datacenter

35

11. According to the Microsoft EULA, what is the extent of the damages that can be recovered due to a Windows fault?
1. Nothing
2. The price paid for the software license
3. Actual damages incurred
4. Actual damages incurred plus the cost of the software license

The price paid for the software license

36

12. Which of the following is the best definition of a threat?

1. Any exposure to damage
2. A weakness that allow damage to occur
3. An action that exploits a weakness
4. Any action that could lead to damage

Any action that could lead to damage

37

13. What worm was released in 2001 and primarily defaced Web sites?

1. SQL Slammer
2. Conficker
3. Code Red
4. Melissa

Code Red

38

14. What term describes a malicious software program that users are tricked into running?

1. Trojan horse
2. Worm
3. Virus
4. Phishing message

Trojan horse

39

15. Which of the following defines the cycle used to address Window threats and vulnerabilities?

1. Plan-do-review
2. Discovery-analyze-remediation
3. Design-implementation-verificatoin
4. Detection-containment-eradication

Discovery-analyze-remediation