Bookmark and Share

Front Back
. ____ is the presentation of credentials or identification, typically performed when logging on to a system.
is the verification of the credentials to ensure that they are genuine and not fabricated.
____ is granting permission for admittance.
____ is the right to use specific resources.
There are several types of OTPs. The most common type is a ____ OTP.
A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner.
A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner the finger is swiped across the opening.
____ time is the time it takes for a key to be pressed and then released.
. ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used.

two factor authentication
____ requires that a user present three different types of authentication credentials.
three factor authentication
____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
windows cardspace
____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
____ is an industry standard protocol specification that forwards username and password information to a centralized server.
The International Organization for Standardization (ISO) created a standard for directory services known as ____.
The ____, sometimes called X.500 Lite, is a simpler subset of DAP.
The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____.
____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP).
____ refers to any combination of hardware and software that enables access to remote users to a local internal network.
. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
A(n) ____ is the end of the tunnel between VPN devices.
In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.
____ generally denotes a potential negative impact to an asset.
The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
threat modeling
Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
vulnerability apprasial
The ____ is the expected monetary loss every time a risk occurs.
single loss expentancuy (SLE)
The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
Annualized Loss Expectancy (ALE)
In a ____, the risk is spread over all of the members of the pool.
risk retention pool
Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.
Velnerability appraisal
Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device.
TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____.
port number
____ are typically used to determine the state of a port to know what applications are running and could be exploited.
Port scanners
A(n) ____ port means that the application or service assigned to that port is listening.
A(n) ____ port indicates that no process is listening at this port.
A(n) ____ port means that the host system does not reply to any inquiries to this port number.
____ are software tools that can identify all the systems connected to a network.
network mappers
____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.
The key feature of a protocol analyzer is that it places the computer's network interface card (NIC) adapter into ____, meaning that NIC does not ignore packets intended for other systems and shows all network traffic.
promiscuous mode
____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.
vulnerability scanner
____ is a “common language” for the exchange of information regarding security vulnerabilities.
____ programs use the file of hashed passwords and then attempts to break the hashed passwords offline.
password cracker
____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities.
penetration testing
____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.
privilege managment
The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required
The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users.
The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied.
The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files.
The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD.
group policy
____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena.
ILM strategies are typically recorded in ____ policies.
storage and retention
x of y cards Next > >|