Term
| According to the FBI Computer Crime and Security Survey, the loss of data of respondents was approximately what number? (Page 93) |
|
Definition
|
|
Term
| What act is designed to broaden the surveillance of law enforcement agences to detect and suppress terroism?(page 14) |
|
Definition
|
|
Term
| According to a research group, over what fraction of daily email messages are unsolicited and could be carring a malicious payload. (Page 15) |
|
Definition
|
|
Term
| What is a program advertised as preforming one activity but actually does something else?(Page 44) |
|
Definition
|
|
Term
| One type of virtualization in which an entire operating system environment is simulated is known as what? (Page 59) |
|
Definition
| Operating System Virtualization |
|
|
Term
| What typically involes using clients-side scripts written in Java Script that are designed to extract information from the victim and then pass the information to the attacker(Page 93) |
|
Definition
| Cross Site Scripting(XSS) |
|
|
Term
| What is a process of ensuring that any inputs are "clean"and will not corrupt the system? (Page 93) |
|
Definition
|
|
Term
| What are active Internet connections that down load a specfic file that is available through a tracker.(Page 99) |
|
Definition
|
|
Term
| What wireless CSMA/CA, the amount of time that a device must wait after the medium is clear is called what? (Page 128) |
|
Definition
|
|
Term
| The most common type of antenna for war driving is an omnidirectional antenna, also known as what?(Page 139) |
|
Definition
|
|
Term
| What is the name given to a wireless technology that uses short-range RF transmission? (Page 139) |
|
Definition
|
|
Term
| What is the unauthorized access of information from a wireless device through a bluetooth connection? (Page 141) |
|
Definition
|
|
Term
| Using__________, networks can essentially be divided into three parts: networks, subnet, and host.(Page 155) |
|
Definition
|
|
Term
| What kind of IP addresses are not assigned to any specific users or organization;Instead ,they can be used by any user on the private Internal network.(Page 162) |
|
Definition
|
|
Term
| _________ packet filtering keeps a record of the state of a connection between an internal computer and an external server and then makes decision based on the connection as well as the rule base.(Page 167) |
|
Definition
|
|
Term
| What kind of honeypots are complex to deploy and capture extensive information.These are used primarily by research, military, and government organizations.(Page170) |
|
Definition
|
|
Term
| What is an instruction that interrupts the programs being executed and request a service from the operating system.(Page 172) |
|
Definition
|
|
Term
| What works to protect the entire network and all devices that are connected to it?(Page173) |
|
Definition
| Network Intrusion Prevention System(NIPS) |
|
|
Term
| What can fully decode application layer network protocols.Once these protocols are decoded,the different parts of the protocols can be analyzed for any suspicious behavior.(Page 315) |
|
Definition
|
|
Term
| What is an industry standard protocol specification that fowards user name and password information to a centralized server.(Page280) |
|
Definition
| Terminal Access Control Acess Control System (TACACS) |
|
|
Term
| What is sometimes called X.500 Lite, and also a subset of DAP?(Page281) |
|
Definition
| Lightweight Directory Access Protocol(LDAP) |
|
|
Term
| What refers to any combination of hardware and software that enables access to remote users to a local internal network.(Page284) |
|
Definition
| Remote Access Services(RAS) |
|
|
Term
| What is the end of the tunnel between VPN devices.(Page285) |
|
Definition
|
|
Term
| What generally denotes a potential negative impact to an asset.(Page304) |
|
Definition
|
|
Term
| What model can dynamically assign roles to subject based on a set of rules defined by a custodian.(Page232) |
|
Definition
| Rule Based Access Control (RBAC) |
|
|
Term
| In the early 1980's, the IEEE began work on developing computer network architecture standards, this work is called what?(Page191) |
|
Definition
|
|
Term
| What was designed to ensure that only authorizaed parties can view transmitted wireless information?(Page 193) |
|
Definition
| Wired Equivalent Privacy(WEP) |
|
|
Term
| The plain text to be transmitted has a CRC (Cycle Redundancy Check) value calculated,which is a checksum based on the contents of the text.WEP calls this __________ and appeals it to the end of the text. |
|
Definition
| Integrity Check Value (ICV) |
|
|
Term
| In order to address growing wireless security concerns, in October 2003, the WI-FI Alliance introduced what?(Page203) |
|
Definition
| Wifi Protcted Access(WPA) |
|
|
Term
| Regarding access control,what is a specific resources, such as a file or a hardware device.(Page228) |
|
Definition
|
|
Term
| What is a practice that requires that if the fraudulent application of a process could potentially result in a breech of security,then the process should be divided between two or more indivduals(Page233) |
|
Definition
|
|
Term
| The principle of __________in access control means that each user should be given only the minimal amount of priviledges necessary to preform his or her job funtion.(Page233) |
|
Definition
|
|
Term
| What is the verification of the credentials to ensure that they are genuine and not fabricated(Page267) |
|
Definition
|
|
Term
| What is the presention of credentials or identification typically preformed when logging on to a system (Page 267) |
|
Definition
|
|
Term
| Who grants premission for admittance(Page267) |
|
Definition
|
|
Term
| What is the most common type of OTP (Page268) |
|
Definition
|
|
Term
What is a decentralized open sources FIM(Federated Identity Management)
that does not require specific software to be installed on the desktop.(Page 277) |
|
Definition
|
|
Term
| The International Organization for Standardization(ISO) created a standard for directory srevices known as what (Page 281) |
|
Definition
|
|
Term
| What is a very basic authentication protocol that was used to authentication a user to a remote access server or to an Internet services provider(ISP) (Page 283) |
|
Definition
| Password Authenication Protocol(PAP) |
|
|
Term
| Known as __________, this in effect takes a snapshot of the security of the organization as it now stands (Page 308) |
|
Definition
|
|
Term
| What is the expected monetary loss eveytime a risk occurs (Page 309) |
|
Definition
| Single Loss Expectancy(SLE) |
|
|
Term
| What kind of risk is spread over all of the members of the pool (Page 311) |
|
Definition
|
|
Term
| Most communication in TCP/IP involves the exchange of information between a program running on one device known as what (Page 312) |
|
Definition
|
|
Term
| TCP/IP uses a numeric value as an identifer to applications and services on the systems. This is known as what (Page 312) |
|
Definition
|
|
Term
| The Windows file and folder ________ premission allows files and folders to be opened as read only and to be copied(Page 335) |
|
Definition
|
|
Term
| What premissions allows the creation of files and folders,and allow data to be added to or removed from files (Page335) |
|
Definition
|
|
Term
| ILM(Information Lifecycle Management) strategies are typically recorded on what kind of policies |
|
Definition
| Storage and Retention Policies |
|
|
Term
| What is the process of generating,transmitting and disposing of computer security log data (Page340) |
|
Definition
|
|
Term
| What logs can be used to determined whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them (Page 342) |
|
Definition
|
|
Term
| What is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server,or even personal digital assistant(PDA) or cell phone (Page349) |
|
Definition
|
|
