Criado por maxwell3254
mais de 9 anos atrás
|
||
Questão | Responda |
an electronic document that associates credentials with a public key | Digital certificate |
the proccess of identifying end users in a transaction that involves a series of steps to be carried out before the user's identity is confirmed | Certificate authentication |
Subordinate CA | below the root in the hierarchy, issue certs and provide day-to-day management of the certs, including renewal, suspension, and revocation |
if a user, server, or client machine does not have the right cert, there is nothing you can do to secure communications to or from that entity | Enroll certificates |
users and other entities obtain certs from the CA through the .. | Certificate Enrollment Process |
authentication is determined by the cert policy requirements (ID/password, driver's license) | RA authenticates entity |
why did the connection fail | because the server now requires secure communications |
you should renew certs appropriately so that you do not have any interruptions in your security services | Certificate renewal |
an alternative to key backups, can be used to store private keys securely, while allowing one or more trusted third parties access to the keys under predefined conditions | key escrow |
an HTTP based alternative to a CRL for checking the status of revoked certs. The responder uses the certs serial number to search for it in the CA's database | Online Certificate Status Protocol |
deterrent, preventive, detective, compensating, technical, administrative | Physical security controls |
the practice of ensuring that the requirements of legislation, regulations, industry codes, and standards, and organizational standards are met | Compliance |
info security professionals must observe generally accepted forensic practices when investigating security incidents | Forensic requirements |
common information classifications | high, medium, low restricted, private, public confidential, restricted, public |
correspondence of a private nature between two people that should be safeguarded | private |
this agreement clearly defines what services are to be provided to the client, and what support if any will be provided | Service-level agreement (SLA) |
evaluation of an organization, a portion of an organization, an info system, or system components to assess the security risk | Risk assessment |
evaluation of known threats to an organization and the potential damage to business operations and systems | Threat assessment |
hardware/software installations that are implemented to monitor and prevent threats and attacks to computer systems and services | Technical controls |
reviews may be carried out manually by a developer, or automatically using a source cod analysis tool | Perform code reviews |
completed before a security implementation is applied, the reviewer can determine if the security solution will in fact fulfill the needs of an organization | Review the security design |
also known as profiling, the attacker chooses a target and begins to gather info that is publicly or readily available | Footprinting |
also called banner grabbing, the second step is to scan an organization's infrastructure or systems to see where vulnerabilities might lie | Scanning |
where the tester is given no specific information about the structure of the system being tested | Black box test |
where the tester has partial knowledge of internal architectures and systems | Grey box test |
when the tester knows all aspects of the system and understands the function and design of the system before the test is conducted | White box test |
the position an organization takes on securing all aspects of its business | Security posture |
a software solution that detects an prevents sensitive info in a system from being stolen or falling into the wrong hands | Data Leak Prevention (DLP) |
a specific instance of a risk event occurring, whether or not it causes damage | Security Incident |
the set of practices and procedures that govern how an organization will respond to an incident in progress | Incident management |
a criminal act that involves using a computer as a source or target, instead of an individual | Computer crimes |
1. Assess the level of damage 2. Recover from the incident 3. Report the incident | Basic incident recovery process |
should be done to determine the extent of damage, the cause, and the amount of expected downtime | Damage Assessment |
a report that includes a description of the events that occurred during a security incident | Incident reports |
a policy that defines how an organization will maintain normal day-to-day business operations in the event of business disruption or crisis | Business continuity plan (BCP) |
a preparation step in BCP development that identifies present organizational risks and determines the impact to ongoing, business-critical operations and processes if such risks actually occur | Business Impact Analysis (BIA) |
a component of the BCP that specifies alternate IT contingency procedures that you can switch over to when you are faced with an attack or disruption in service leading to a disaster for the organization | IT contingency planning |
Disaster Recovery Plan | - a list and contact info for those responsible for the recovery -an inventory of hard/soft ware -a record of important business info that you would require to continue business -a record of procedure manuals and critical info such as BCP and IT plan -Specifications for alt sites |
the rating on a device or devices that predicts the expected time between failures | Mean time between failures (MTBF) |
action-based sessions where employees can validate DRPs by performing scenario-based activities in a simulated environment | Functional exercises |
should be conducted to determine the extent of incurred facility damages, to identify the cause, estimate downtime, and can also determine the appropriate response strategy | Assess the damage |
a group of designated individuals who implement recovery procedures and control recovery operations in the event of an internal or external disruption to critical business processes | Recovery team |
all selected files that have changed since the last full or differential backup are backed up | incremental backup |
backing up sensitive or important data is only part of the solution, as that backup also needs to be secure | secure backups |
Quer criar seus próprios Flashcards gratuitos com GoConqr? Saiba mais.