Vocab

Question 1

*-property

Answer 1

An aspect of the Bell-Lapadula security model that is commonly referred to as the “no-write-down” rule because it doesn’t allow a user to write to a file with a lower security classification thus preserving confidentiality.

Question 2

3DES

Answer 2

Triple DES encryption. Three rounds of DES encryption used to improve security.

Question 3

802.11

Answer 3

A family of standards that describe network protocols for wireless devices.

Question 4

802.1X

Answer 4

An IEEE standard for performing authentication over networks.

Question 5

Abuse Case

Answer 5

A use case built around a work process designed to abuse a normal work process.

Question 6

Acceptance Testing

Answer 6

The formal analysis that is done to determine whether a system or software product satisfies its acceptance criteria.

Question 7

AUP, Acceptable Use Policy

Answer 7

Acceptable Use Policy. A policy that communicates to users what specific uses of computer resources are permitted.

Question 8

Access

Answer 8

A subjects ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.

Question 9

Access Control

Answer 9

Mechanisms or methods used to determine what access permissions subjects (such as a users) have for specific objects (such as files).

Question 10

Access Control List (ACL)

Answer 10

A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has - what they can do to the object (such as read, write, or execute).

Question 11

Active Directive

Answer 11

The directory service portion of the Windows operating system that stores information about network - based entities (such as applications, files, printers, and people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.

Question 12

ActiveX

Answer 12

A Microsoft technology that facilitates rich internet applications and, therefore, extend and enhances the functionality of Microsoft internet explorer. Like Java, ActiveX enables the development of interactive content. When an ActiveX - aware browser encounters a webpage that includes an unsupported feature, it can automatically install the appropriate application so the feature can be used.

Question 13

Address Resolution Protocol (ARP)

Answer 13

A protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address.

Question 14

Adware

Answer 14

Advertising - supported software that automatically plays, displays or downloads advertisements after the software is installed or while the application is being used.

Question 15

Algorithm

Answer 15

A step - by - step procedure – typically an established computation for solving a problem with a set number of steps.

Question 16

Alpha Testing

Answer 16

A form of end - to - end testing done prior to product delivery to determine operational and functional issues.

Question 17

Annualized Loss Expectancy (ALE)

Answer 17

How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE=single loss expectancy * annualized rate of occurrence.

Question 18

Annualized Rate of Occurence (ARO)

Answer 18

The frequency with which an event is elected to occur in an annualized basis.

Question 19

Anomaly

Answer 19

Something that does not fit into an expected pattern.

Question 20

Application

Answer 20

A program or group of programs designed to provide specific user functions, such as a word processor or web server.

Question 21

Asset

Answer 21

Resources and information an organization needs to conduct it’s business.

Question 22

Asymmetric Encryption

Answer 22

Also called public key cryptography, this is a system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message -a public key, available to everyone, and a private key, available only to the owner of the key.

Question 23

Attack

Answer 23

An action taken against a vulnerability to exploit a system.

Question 24

Attack Surface Analyzer

Answer 24

A product from Microsoft designed to enumerate the elements of a system that are subject to attack.

Question 25

Attack Surface Evaluation

Answer 25

An examination of the elements of a system that are subject to attack and mitigations that can be applied.