CIS 377 - Review Ch. 5 - 8

7 September 2022

question
SysSPs
answer
________often function as standards or procedures to be used when configuring or maintaining systems.
question
Redundancy
answer
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.
question
Technical
answer
____________________ controls are information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets.
question
False
answer
T or F: The ISSP sets out the requirements that must be met by the information security blueprint or framework.
question
Technical
answer
____________ controls are the tactical and technical implementations of security in the organization.
question
False
answer
T or F: A(n) strategic information security policy is also known as a general security policy, and sets the strategic direction, scope, and tone for all security efforts.
question
d. Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care
answer
The goals of information security governance include all but which of the following?
a. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
b. Risk management by executing appropriate measures to manage and mitigate threats to information resources
c. Strategic alignment of information security with business strategy to support organizational objectives
d. Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care
question
policy
answer
A(n) ____________________ is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties.
question
disaster recovery plan
answer
A ________________ is a plan that shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.
question
framework
answer
A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
question
Authentication
answer
_______________ is the process of validating a supplicant's purported identity.
question
proxy
answer
The application firewall is also known as a(n) ____________________ server.
question
sacrificial
answer
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____________________ host.
question
False
answer
T or F: Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.
question
ticket
answer
In Kerberos, a(n) ____________________ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services.
question
Stateful
answer
__________ inspection firewalls keep track of each network connection between internal and external systems.
question
Static
answer
__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
question
SOCKS
answer
_____________ is a de facto standard for circuit-level gateways.
question
Stateful packet inspection (SPI)
answer
____________________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.
question
Stateful Packet Inspection (SPI)
answer
The primary disadvantage of _______________ firewalls is the additional processing required to manage and verify packets against the state table.
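The four firewall cards above (stateful inspection, static filtering, the state table, and its processing cost) can be seen together in a toy model. The following is an added example written for this review page, not code from the course or textbook; addresses, ports and rules are constructed, and the assumption that the protected network is 10.0.0.0/8 is the example's own.

```python
"""Added example, not from the course materials: a toy stateful packet
inspection firewall. Static filtering rules are installed once with the
firewall; a state table records each outbound connection so that reply
packets are admitted only when they match an established session.
Addresses, ports and rules are constructed for the demonstration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # True on the packet that opens a new TCP connection


def is_internal(ip: str) -> bool:
    # Assumption: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")


# Static rules, evaluated in order, with a default of deny.
# Each rule is (direction, destination port, action).
STATIC_RULES = [
    ("outbound", 443, "allow"),
    ("outbound", 80, "allow"),
    ("inbound", 22, "deny"),
]


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state_table = set()  # (src, dst, sport, dport) of tracked sessions
        self.table_lookups = 0    # the extra work SPI does for every packet

    def static_decision(self, pkt: Packet, direction: str) -> str:
        """Decision from the installed rules alone (a static packet filter)."""
        for rule_direction, port, action in self.rules:
            if rule_direction == direction and port == pkt.dport:
                return action
        return "deny"

    def filter(self, pkt: Packet) -> str:
        direction = "outbound" if is_internal(pkt.src) else "inbound"
        # A reply belongs to a session recorded from the inside host's view.
        self.table_lookups += 1
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in self.state_table:
            return "allow"
        decision = self.static_decision(pkt, direction)
        if decision == "allow" and direction == "outbound" and pkt.syn:
            self.state_table.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
        return decision


def demo() -> dict:
    fw = StatefulFirewall(STATIC_RULES)
    request = Packet("10.1.2.3", "203.0.113.10", 51000, 443, syn=True)
    reply = Packet("203.0.113.10", "10.1.2.3", 443, 51000)
    unsolicited = Packet("203.0.113.10", "10.1.2.3", 443, 51001)
    ssh_probe = Packet("198.51.100.7", "10.1.2.3", 40000, 22, syn=True)
    return {
        "outbound_https": fw.filter(request),                      # allow, session recorded
        "reply_static_only": fw.static_decision(reply, "inbound"),  # deny: no inbound rule
        "reply_stateful": fw.filter(reply),                        # allow: matches state table
        "unsolicited_from_server": fw.filter(unsolicited),         # deny: no such session
        "inbound_ssh": fw.filter(ssh_probe),                       # deny: static rule
        "sessions_tracked": len(fw.state_table),
    }
```

The contrast is in the reply packet: a static filter has no rule admitting traffic to an ephemeral port and must either deny it or open a wide inbound hole, while the stateful filter admits it only because the inside host opened the session first. The `table_lookups` counter is the cost the last card refers to: every packet, not just session openers, is checked against the table.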
question
sniffer
answer
A packet ____________________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
question
passive
answer
A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
question
False
answer
T or F: A false positive is the failure of an IDPS system to react to an actual attack event.
question
Honeypots
answer
__________ are decoy systems designed to lure potential attackers away from critical systems.
question
known
answer
IDPSs can also help the organization protect its assets when its networks and systems are still exposed to ____________________ vulnerabilities or are unable to respond to a rapidly changing threat environment.
question
HIDPSs
answer
__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
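The HIDPS behaviour described above (benchmark key files, then detect creation, modification and deletion) is the file-integrity monitoring most host agents implement with cryptographic digests. The following is an added example for this review page, not course code; the monitored files are constructed in a temporary directory so it runs offline.

```python
"""Added example, not course code: a minimal host-based file integrity check
of the kind an HIDPS performs. A baseline of SHA-256 digests is taken for a
directory, the directory is changed, and the monitor reports which files
were created, modified or deleted. The files are constructed in a temporary
directory so the script runs offline."""
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify changes the way an HIDPS alert would."""
    return {
        "created": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(path for path in baseline.keys() & current.keys()
                           if baseline[path] != current[path]),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for key system files, used for the benchmark.
        originals = {
            "passwd": b"root:x:0:0\n",
            "sshd_config": b"PermitRootLogin no\n",
            "hosts": b"127.0.0.1 localhost\n",
        }
        for name, body in originals.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)

        # Simulated intruder activity after the benchmark was taken.
        with open(os.path.join(root, "sshd_config"), "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")          # modified
        os.remove(os.path.join(root, "hosts"))           # deleted
        with open(os.path.join(root, "rootkit.so"), "wb") as fh:
            fh.write(b"\x7fELF")                         # created

        return diff_snapshots(baseline, snapshot(root))
```

Comparing digests rather than timestamps matters: an intruder can reset a file's modification time, but cannot keep the SHA-256 of an altered file equal to the baseline value. In practice the baseline itself must be stored where the monitored host cannot rewrite it.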
question
inline
answer
Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
question
Trap and trace
answer
__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
question
clipping
answer
When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.
question
fingerprinting
answer
____________________ is a systematic survey of all of the target organization's Internet addresses.
question
asymmetric
answer
When an _______________ cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message.
question
PKI
answer
__________ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
question
IPSec
answer
__________ is a protocol that can be used to secure communications across any IP-based network such as LANs, WANs, and the Internet.
question
MAC
answer
A __________ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
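The card above defines a MAC as a key-dependent one-way hash. The following added example (not from the course) uses HMAC-SHA256 from Python's standard library to show that only holders of the shared key can verify a tag, that a tampered message fails, and why an unkeyed digest is not a substitute. The key and messages are constructed.

```python
"""Added example, not course code: a message authentication code built with
HMAC-SHA256 from the standard library. The tag is a keyed one-way hash, so
only holders of the shared symmetric key can produce or verify it; a party
without the key, or a tampered message, fails verification."""
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed one-way hash: the MAC tag for message under key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the check does not leak how
    # many bytes of a forged tag happened to be correct.
    return hmac.compare_digest(make_tag(key, message), tag)


def verify_unkeyed(message: bytes, digest: bytes) -> bool:
    """What a receiver can do with a plain digest: recompute and compare."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    key = b"k-shared-by-alice-and-bob"   # constructed; use os.urandom(32) in practice
    message = b"transfer 100 to account 42"
    tag = make_tag(key, message)
    forged = b"transfer 900 to account 42"
    return {
        # the key holder's check passes
        "genuine_accepted": verify(key, message, tag),
        # an altered message no longer matches the tag
        "tampered_rejected": verify(key, forged, tag),
        # a third party without the key can neither verify nor forge the tag
        "wrong_key_rejected": verify(b"attacker-guess", message, tag),
        # contrast: an attacker who alters the message can simply recompute a
        # plain digest for it, and the receiver has no way to tell
        "plain_digest_forgery_accepted":
            verify_unkeyed(forged, hashlib.sha256(forged).digest()),
    }
```

The last entry is the reason the definition says "key-dependent": a hash alone gives integrity against accidental corruption, but authenticity against a deliberate attacker needs a secret the attacker does not have.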
question
Cryptography
answer
____________________ is the process of making and using codes to secure the transmission of information.
question
False
answer
T or F: Within a PKI, a(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information.
question
Vernam
answer
Also known as the one-time pad, the ____________________ cipher, which was developed at AT&T, uses a set of characters only one time for each encryption process.
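The Vernam cipher is just XOR of the message with a random key of the same length, and "uses a set of characters only one time" is the whole security argument. The following added example (not from the course) encrypts and decrypts with a fresh pad, then shows what the one-time rule prevents: with a reused pad, XORing two ciphertexts cancels the key. The messages are constructed.

```python
"""Added example, not course code: the Vernam cipher (one-time pad) as XOR of
the message with a random key of equal length, plus the failure mode the
"one time" rule exists to prevent: reusing the pad lets an eavesdropper XOR
two ciphertexts together and remove the key entirely."""
import os


def vernam(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Key must match the length."""
    if len(key) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def roundtrip(message: bytes) -> bool:
    key = os.urandom(len(message))   # fresh, unpredictable pad for this message only
    return vernam(vernam(message, key), key) == message


def pad_reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """The eavesdropper sees only c1 and c2; c1 XOR c2 equals m1 XOR m2."""
    c1, c2 = vernam(m1, key), vernam(m2, key)
    return vernam(c1, c2)


def demo():
    m1 = b"ATTACK AT DAWN"   # constructed messages of equal length
    m2 = b"RETREAT AT SIX"
    key = os.urandom(len(m1))
    leaked = pad_reuse_leak(m1, m2, key)
    # An attacker who knows or guesses m1 now reads m2 without the key.
    recovered_m2 = vernam(leaked, m1)
    return roundtrip(m1), recovered_m2 == m2
```

Both requirements in the definition are load-bearing: the pad must be truly random (a predictable key stream is a stream cipher, not a one-time pad) and must never be reused, which is why the scheme is rarely practical outside settings where key material can be distributed in advance.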
question
trapdoor
answer
A mathematical ____________________ is a secret mechanism that enables you to easily accomplish the reverse function in a one-way function.
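The asymmetric card earlier (encrypt with the sender's private key, decrypt with the public key) and the trapdoor card above describe the same object from two sides, and textbook RSA shows both. The following added example (not from the course) uses small constructed primes: the public exponentiation is easy in one direction, the private exponent d is the trapdoor, and without it an attacker's only route is to factor n, which is feasible here only because the primes are tiny.

```python
"""Added example, not course code: textbook RSA with small primes. Modular
exponentiation with the public key is a one-way function whose trapdoor is
the private exponent d, obtainable only from the factors of n. Encrypting
with the private key produces a value that only the public key undoes, which
is the basis of a digital signature. Primes and message are constructed and
far too small for real use."""


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p: int, q: int, e: int = 65537):
    """Public key (n, e); private key (n, d), where d is the trapdoor."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)  # needs phi, i.e. the factors of n
    return (n, e), (n, d)


def apply_key(value: int, key) -> int:
    """The RSA one-way function: value ** exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)


def recover_private_key(public):
    """What an attacker must do without the trapdoor: factor n by trial
    division. Feasible only because these primes are tiny."""
    n, e = public
    p = 2
    while n % p != 0:
        p += 1
    q = n // p
    return n, modinv(e, (p - 1) * (q - 1))


def demo() -> dict:
    public, private = keygen(1000003, 1000033)  # constructed small primes
    m = 123456789                                # message as an integer below n
    c = apply_key(m, public)    # anyone can encrypt with the public key
    s = apply_key(m, private)   # only the private-key holder can produce this
    return {
        "public_encrypt_private_decrypt": apply_key(c, private) == m,
        "private_encrypt_public_decrypt": apply_key(s, public) == m,  # signature check
        "factoring_recovers_trapdoor": recover_private_key(public) == private,
    }
```

The second entry is the case the asymmetric card describes: anyone holding the public key can turn s back into m, which proves the value came from the private-key holder. The third entry is the trapdoor made concrete: with 20-bit primes the loop factors n in well under a second, and with real 1024-bit primes that same step is the whole hardness assumption. Real signatures hash the message first and use padding; the raw form here is only to show the key relationship.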
question
False
answer
T or F: Standard-HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server.
question
Secure Electronic Transactions
answer
___________________ was developed by MasterCard and VISA in 1997 to protect against electronic payment fraud.