Sunteți pe pagina 1din 2
Information Security Study online at quizlet.com/_684ks

Information Security

Study online at quizlet.com/_684ks

1. a subject or object's ability to use, manipulate, modify, or affect another subject or object

Access

2. scan networks for highly detailed information. An active scanner is one that initiates traffic on the network in order to determine security holes

active

vulnerability

scanners

3. rules designed to prohibit packets with certain addresses or partial addresses from passing through the device

address

restrictions

4. any software program intended for marketing purposes such as that used to deliver and display advertising banners or pop ups to the user's screen or tracking the user's online usage or purchasing activity

adware

5. the organizational resource that is being protected

Asset

6. An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it

Attack

7. allows the attacker to access the system at will with special privileges

back door/

trap door

8. based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed system user

biometric

access

control

9. an automated software program that executes certain commands when it receives specific input

bot

10. the application of computing and network resources to try every possible password combination

brute force

attack/

password

attack

11. an application error that occurs when more data is sent to a program buffer than it is designed to handle

buffer

overrun

12. all IDPS control functions are implemented and managed in a central location

central IDPS

control

strategy

13. the level at which the number of false rejections equals the false acceptance

crossover

error rate

14. an attack in which a coordinated stream of requests is launched against a target from many locations at the same time

distributed

denial-of-

service

(DDoS)

15. is an act of attracting attention to a system by placing tantalizing information in key locations-legal

enticement

16. the act of luring an individual into committing a crime to get a conviction-illegal

entrapment

17. the percentage of supplicants who are unauthorized users but are granted access

false accept

rate

18. the percentage of supplicants who are in fact authorized users but are denied access

false reject

rate

19. fingerprinting

systematic survey of all of the target organization's internet address

20. an information security program that prevents specific types of information from moving between the outside world ( untrusted network) and the inside network( trusted network)

firewall

21. footprinting

organized research of the internet address owned or controlled by a target organization

22. all control functions are applied at the physical location of each IDPS component

fully

distributed

IDPS control

strategy

23. people who use and create computer software [to] gain access to information illegally

Hackers

24. honey pots

decoy systems designed to lure potential attackers away from critical systems

25. honeynet

collection of honey pots

26. to protect the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission

information

security

27. more than the hardware: it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization

Information

system

28. intrusion

occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system

29. finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again

intrusion

correction

30. procedures and systems that identify system intrusions

intrusion

detection

31. intrusion

prevention

activities that deter an intrusion

32. encompasses the actions an organization takes when an intrusion is detected

Intrusion

reaction

33. uses symmetric key encryption to validate an individual user to various network resources

kerberos

34. attack includes the execution of viruses, worms, trojan horses, and active web scripts with the intent to destroy or steal information

malicious

code

35. an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network

man in the middle (TCP hijacking attack)

36. to protect networking components, connections, and other contents

network

security

37. to protect communication media, technology, and content

operations

security

38. network that collects copies of packets from the network and analyzes them

packet

sniffer

a

39. still analyze and respond to local threats, their reporting to a hierarchical central facility enables the organization to detect widespread

partially

distributed

IDPS control

strategy

attacks

40. one that listens in on the network and determines vulnerable versions of both server and client software

passive

vulnerability

scanner

41. to protect the individual or group of individuals who are authorized to access the organization and its operations

personnel

security

42. the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information

pharming

43. to protect physical items, objects, or areas from unauthorized access and misuse

Physical

Security

44. one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for reconfigured signatures

polymorphic

threat

45. the quality or state of ownership or control

possession

46. primary purpose is to restrict internal access to external material

reverse

firewalls

47. the probability that something unwanted will

Risk

happen

48. the quantity and nature of risk the organization is willing to accept

risk appetite

spike

49. momentary increase

50. technique used to authorize access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the message are coming from a trusted host

spoofing

51. any technology that aids in gathering information about a person or organization without their knowledge

spyware

52. a prolonged increase

surge

53. Systems

development

life cycle

a methodology for the design and

implementation of an information system

54. use a combination of techniques to detect an intrusion and then trace it back to its source

Trap-and-

trace

55. software programs that hide their true nature and reveal their designed behavior only when activated

trojan horse

56. quality or state of having value for some purpose or end

utility

57. a private and secure connection between systems that uses the data communication capability of an unsecured and public network

virtual

Private

networks

58. a weakness or fault in a system or protection mechanism that opens it to attack or damage

Vulnerability

59. machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack

Zombies