IS4550 SECURITY POLICIES > IS4550 CHAPTER 10 > Flashcards

IS4550 CHAPTER 10 Flashcards

(20 cards)

Study These Flashcards
1
Q

An implementation technique to control access to a resource by maintaining a table of authorized user IDs is called ___.

A

ACCESS CONTROL LIST (ACL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Software or plug-ins that run within a client browser, usually when visiting certain Web sites is called ___.

A

ACTIVE CONTENT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The act of recording relevant security events that occur on a computing or network device (server, workstation, firewall, etc.) This can also refer to a review of business and financial processes and files by an auditor is called ___.

A

AUDIT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The process of removing unnecessary software on a server or workstation, turning off unneeded network ports and services, and preventing users from changing a machine’s configuration is called ___.

A

HOST HARDENING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A series of software agents, appliances, and servers that monitor for network activity that is deemed a threat, alerts, administrators, and logs the information. They operate by matching signatures of known poodle network attack traffic or by building over time a baseline of normal behavior then alerting on traffic that is anomalous to that normal pattern of behavior and is called ___.

A

INTRUSION DETECTION SYSTEM (IDS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A system that intercepts potentially hostile activity prior to it being process is called ___.

A

INTRUSION PREVENTION SYSTEM (IPS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An application firewall that is used to control the flow of traffic to and from the Internet to user workstations attached to a local area network. It intercepts the user’s request for an Internet resource, initiates a new connection, and proxies the result back to the requestor and is called ___.

A

USER PROXY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Automated information services over the Internet using standardized technologies and formats/protocols that simplify the exchange and integration of data. This helps organizations to inter-operate regardless of the types of operating systems, programming languages, and databases being used and is called ___.

A

WEB SERVICES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. The steps to implement security controls on a firewall would be documented within which of the following?
  2. Policy
  3. Control standard
  4. Baseline standard
  5. Procedure
A

Procedure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. A DMZ separates a LAN from which of the following?
  2. Phone network
  3. Internet network
  4. Cellular network
  5. VoIP network
A

Internet network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. Visitor control is an aspect of which of the following?
  2. Network security
  3. Personnel security
  4. Workstation security
  5. Physical security
A

Physical security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. Which of the following can you use to segment LANs?
  2. Routers and firewalls
  3. Routers and gateways
  4. Gateways and servers
  5. Servers and workstations
A

Routers and firewalls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. Without a policy that leads to controls that restrict employees from installing their own software on a company workstation, a company could suffer which of the following consequences?
  2. Malware on the network
  3. Lawsuits from software licensing issues
  4. Loss of productivity
  5. All the above
A

Malware on the network
Lawsuits from software licensing issues
Loss of productivity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. Good sources for security policies and standards include which of the following?
  2. US Government
  3. Private companies selling standards
  4. Professional organizations
  5. Vendors
  6. All the above
A

US Government
Private companies selling standards
Professional organizations
Vendors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Two-factor authentication is a typical control used by employees to remotely access which of the following?
  2. Workstation
  3. LAN
  4. DMZ Web site
  5. WAN
A

LAN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. Which document outlines the specific controls that a technology device needs to support?
  2. Control standard
  3. Baseline standard
  4. Procedure
  5. Policy
Study These Flashcards
A

Baseline standard

17
Q
  1. The User Proxy control standard is needed for the ___ domain.
18
Q
  1. The content for the documents in the policies and standards library should be written so they are ___ and ___.
Study These Flashcards
A

Cohesive

Coherent

19
Q
  1. Production data should be sanitized before being used in a test environment.
    TRUE OR FALSE
20
Q
  1. Organizations should always create new policies tailored to their needs rather than adopt industry norms found on the Internet.
    TRUE OR FALSE
IS4550 SECURITY POLICIES
flashcards
Decks in class (15)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions