Flashcards in IS3340 CHAPTER 1 Deck (39):
A management action, written policy, procedure, guideline, regulation, law, or rule of any kind is called ___?
Availability, Integrity, and Confidentiality, the goals of information security, are collectively called ___?
Any person or program that attempts to interact with a computer information system in an unauthorized manner is called ___?
Any person or program that possesses permission to access a resource is called ___?
The assurance that requested information is available to authorized users upon request is called ___?
A collection of computer and network devices connected to one or more networks, generally for the purpose of fulfilling business functions is called ___?
The assurance that information can only be accessed and viewed by authorized users is called ___?
A control that repairs the effects of damage from an attack, including virus removal procedures, firewall table updates, and user authorization database updates, is called ___?
A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource is called ___?
DEFENSE IN DEPTH
A control that detects when an action has occurred, including smoke detectors, log monitors, and system audits, is called ___?
An agreement between the software producer and the end user. It addresses issues regarding approved use and liability. This is called ___?
END USER LICENSE AGREEMENT (EULA)
The practice of ensuring electronic information is safe from unauthorized use and accessible for authorized use is called ___?
INFORMATION SYSTEMS SECURITY
The assurance that information can be modified only by authorized users is called ___?
An alternate term for technical control is ___?
Software that is designed to infiltrate a target computer and make it do something the attacker has instructed it to do is called ___?
A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher is called ___?
A control that stops an action before it occurs and includes locked doors, firewall rules, and user passwords is called ___?
Any exposure to a threat is called a ___?
A mechanism used to protect information and related assets is called ___?
A device or process that limits access to a resource. Examples would be user authentication, antivirus software, and firewalls. This is called ___?
Any action that could lead to damage or loss is called ___?
Any person or program that does not possess permission to access a resource is called ___?
Any weakness that could allow a threat to be realized is called ___?
Standalone malicious software programs that actively transmit themselves, generally over networks, to infect other computers are called ___?
1. Which of the following is the best description of the defense in depth strategy?
1. Hiding protected resources behind multiple firewalls
2. Using multiple layers of security controls to protect resources
3. Fully securing the most important resources first
4. Staying current on as many known attacks as possible
Using multiple layers of security controls to protect resources
2. What is the main goal of information security?
1. Protect information from unauthorized use
2. Catch as many unauthorized uses as possible
3. Protect information from unauthorized modification
4. Stop anonymous users from accessing information
Protect information from unauthorized use
3. Does turning off a computer make the information it contains secure?
1. Yes, because no unauthorized user can access information on a computer that is turned off
2. No, because the information might be copied somewhere else
3. Yes, because aggressive actions always result in more secure systems
4. No, because secure data must still be available to authorized users
No, because secure data must still be available to authorized users
4. Which of the following is the best description of a security control?
1. A mechanism to stop attacks before they occur
2. A rule that defines acceptable use of a computer
3. A mechanism that protects a resource
4. A device that detects unusual activity
A mechanism that protects a resource
5. Which of the following could be classified as a logical control?
3. Acceptable use policy
4. Smoke detector
6. Which of the following could be classified as a detective control?
3. Acceptable use policy
4. Log monitor
7. Which of the tenets of information security must directly serve the needs of authorized users?
4. None of the above
8. Which of the tenets of information security is most related to the "need to know" property?
4. None of the above
9. Where is the most likely place a database management system would run?
1. Network device
3. Thin client
4. Thick client
10. Which Microsoft Windows Server 2008 R2 edition would be most appropriate for large-scale deployment using extensive virtualization?
11. According to the Microsoft EULA, what is the extent of the damages that can be recovered due to a Windows fault?
2. The price paid for the software license
3. Actual damages incurred
4. Actual damages incurred plus the cost of the software license
The price paid for the software license
12. Which of the following is the best definition of a threat?
1. Any exposure to damage
2. A weakness that allows damage to occur
3. An action that exploits a weakness
4. Any action that could lead to damage
Any action that could lead to damage
13. What worm was released in 2001 and primarily defaced Web sites?
1. SQL Slammer
3. Code Red
14. What term describes a malicious software program that users are tricked into running?
1. Trojan horse
4. Phishing message