sec + final


Flashcards by maxwell3254, updated more than 1 year ago
Created by maxwell3254 about 9 years ago

Resource summary

Question Answer
an electronic document that associates credentials with a public key Digital certificate
the proccess of identifying end users in a transaction that involves a series of steps to be carried out before the user's identity is confirmed Certificate authentication
Subordinate CA below the root in the hierarchy, issue certs and provide day-to-day management of the certs, including renewal, suspension, and revocation
if a user, server, or client machine does not have the right cert, there is nothing you can do to secure communications to or from that entity Enroll certificates
users and other entities obtain certs from the CA through the .. Certificate Enrollment Process
authentication is determined by the cert policy requirements (ID/password, driver's license) RA authenticates entity
why did the connection fail because the server now requires secure communications
you should renew certs appropriately so that you do not have any interruptions in your security services Certificate renewal
an alternative to key backups, can be used to store private keys securely, while allowing one or more trusted third parties access to the keys under predefined conditions key escrow
an HTTP based alternative to a CRL for checking the status of revoked certs. The responder uses the certs serial number to search for it in the CA's database Online Certificate Status Protocol
deterrent, preventive, detective, compensating, technical, administrative Physical security controls
the practice of ensuring that the requirements of legislation, regulations, industry codes, and standards, and organizational standards are met Compliance
info security professionals must observe generally accepted forensic practices when investigating security incidents Forensic requirements
common information classifications high, medium, low restricted, private, public confidential, restricted, public
correspondence of a private nature between two people that should be safeguarded private
this agreement clearly defines what services are to be provided to the client, and what support if any will be provided Service-level agreement (SLA)
evaluation of an organization, a portion of an organization, an info system, or system components to assess the security risk Risk assessment
evaluation of known threats to an organization and the potential damage to business operations and systems Threat assessment
hardware/software installations that are implemented to monitor and prevent threats and attacks to computer systems and services Technical controls
reviews may be carried out manually by a developer, or automatically using a source cod analysis tool Perform code reviews
completed before a security implementation is applied, the reviewer can determine if the security solution will in fact fulfill the needs of an organization Review the security design
also known as profiling, the attacker chooses a target and begins to gather info that is publicly or readily available Footprinting
also called banner grabbing, the second step is to scan an organization's infrastructure or systems to see where vulnerabilities might lie Scanning
where the tester is given no specific information about the structure of the system being tested Black box test
where the tester has partial knowledge of internal architectures and systems Grey box test
when the tester knows all aspects of the system and understands the function and design of the system before the test is conducted White box test
the position an organization takes on securing all aspects of its business Security posture
a software solution that detects an prevents sensitive info in a system from being stolen or falling into the wrong hands Data Leak Prevention (DLP)
a specific instance of a risk event occurring, whether or not it causes damage Security Incident
the set of practices and procedures that govern how an organization will respond to an incident in progress Incident management
a criminal act that involves using a computer as a source or target, instead of an individual Computer crimes
1. Assess the level of damage 2. Recover from the incident 3. Report the incident Basic incident recovery process
should be done to determine the extent of damage, the cause, and the amount of expected downtime Damage Assessment
a report that includes a description of the events that occurred during a security incident Incident reports
a policy that defines how an organization will maintain normal day-to-day business operations in the event of business disruption or crisis Business continuity plan (BCP)
a preparation step in BCP development that identifies present organizational risks and determines the impact to ongoing, business-critical operations and processes if such risks actually occur Business Impact Analysis (BIA)
a component of the BCP that specifies alternate IT contingency procedures that you can switch over to when you are faced with an attack or disruption in service leading to a disaster for the organization IT contingency planning
Disaster Recovery Plan - a list and contact info for those responsible for the recovery -an inventory of hard/soft ware -a record of important business info that you would require to continue business -a record of procedure manuals and critical info such as BCP and IT plan -Specifications for alt sites
the rating on a device or devices that predicts the expected time between failures Mean time between failures (MTBF)
action-based sessions where employees can validate DRPs by performing scenario-based activities in a simulated environment Functional exercises
should be conducted to determine the extent of incurred facility damages, to identify the cause, estimate downtime, and can also determine the appropriate response strategy Assess the damage
a group of designated individuals who implement recovery procedures and control recovery operations in the event of an internal or external disruption to critical business processes Recovery team
all selected files that have changed since the last full or differential backup are backed up incremental backup
backing up sensitive or important data is only part of the solution, as that backup also needs to be secure secure backups
Show full summary Hide full summary


Microbiology MCQs 3rd Year Final- PMU
Med Student
Anatomy and Physiology
Science Final Study Guide
Caroline Conlan
APUSH End-of-Year Cram Exam: Set 1
Nathaniel Rodriguez
CCNA Security Final Exam
Maikel Degrande
CCNP TShoot Final
Macroeconomics Final
Koda M
audio electronics
Lillian Mehler
Biochemistry Final Review
Kaitlyn Emily Bi
Qualitative Research Final Exam
Courtney Westerberg