39 terms

Security Fundamentals 98-367: Lesson 1

Studying for Security Fundamentals 98-367; Microsoft official academic course by Wiley

Terms in this set (...)

Mitigation. Transfer. Avoidance
Which of the following are valid risk responses? (Choose all that apply)
iPod. USB flash drive. Floppy drive
Which of the following are considered removable devices or drives? (Choose all that apply)
-USB flash drive
-Floppy drive
Parking lot lights. Security guards
Which of the following would be considered appropriate security measures for a building's external security perimeter? (Choose all that apply)
-Motion detector
-Parking lot lights
-Security guards
Secure the laptop to a piece of furniture with a laptop security cable.
You are traveling on business and are headed out to dinner with a client. You cannot take your laptop with you to the restaurant. What should you do with the device? (Choose the best answer)
-Lock the laptop in your car trunk.
-Store the laptop out of sight in a dresser drawer.
-Secure the laptop to a piece of furniture with a laptop security cable.
-Check the laptop at the front desk.
risk avoidance
The process of eliminating a risk by choosing not to engage in an action or activity.
Strong encryption. Strong authentication.
You have just been promoted to Chief Security Officer for your auto parts manufacturing business and you are trying to identify technologies that will help ensure the confidentiality of your proprietary manufacturing techniques. Which of the following are technologies you could use to help with this endeavor? (Choose all that apply)
-Strong encryption
-Security guards
-Laptop safes
-Strong authentication
Confidentiality, integrity, availability
What does the acronym CIA stand for?
Core security principles refer to the principles of confidentiality, integrity, and availability
You have been placed in charge of the corporate security department and your boss has asked you to help her understand what is meant by core security principles. Which of these explanations should you give your boss?
-Core security principles refer to the internal security perimeter when setting up a layered physical security environment.
-Core security principles refer to the principles of confidentiality, integrity, and availability.
-Core security principles refer to leveraging security best practices.
-Core security principles refer to the four methods of addressing risk.
defense in depth
As the Chief Security Officer for a small medical records processing company, you have just finished setting up the physical security for your new office. In particular, you have made sure that the parking lot is illuminated, that you have guards both at the door and performing periodic patrols, and that you have badge readers throughout the building at key locations. You also have put biometric access technology on the data center door. In addition, you have cameras in the parking lot, at building entrances, and at the data center entrances. This type of implementation is known as: (Choose the best answer.)
-access control
-core security principles
-security best practices
-defense in depth
Reducing the surface attack area
What do you call the process of disabling unneeded services and ports to make a system more secure?
access control
If you are deploying technologies to restrict access to a resource, you are practicing the security principle known as _____.
defense in depth
Deploying multiple layers of security technology is called _____.
risk register
You have just taken a new job as the Risk Manager for a medium-sized pharmaceutical company, and your first assignment is to perform a formal risk assessment. You will most likely record the results of your risk assessment in a(n) ______.
social engineering
A secretary at your office just got off the phone with someone who said he was calling from the corporate IT department. The caller had a number of questions about the secretary's computer setup, and he asked for her user ID and password. In this situation, the secretary was most likely a victim of _____.
The consistency, accuracy, and validity of data or information is called _____.
You are traveling for work and decide to use a computer in the hotel business center to check your email and pay several bills. When you sit down at the computer, you notice there is an extra connector between the keyboard and the computer. You have most likely encountered a(n) _____.
residual risk
You are the Risk Manager for a regional bank, and you have just deployed a new badge reader system to address an access control risk. Although your solution has mitigated the risk, there is still a small remaining risk associated with access control. This risk is known as the _____.
attack surface
The larger the _____ of a particular environment, the greater the risk of a successful attack.
access control
The process of restricting access to a resource to only permitted users, applications, or computer systems.
attack surface
The exposure, the reachable and exploitable vulnerabilities that a system or technology has.
Describes a resource being accessible to a user, application, or computer system when required. In other words, _____ means that when a user needs to get information, he or she has the ability to do so.
The characteristic of a resource that ensures that access is restricted to only permitted users, applications, or computer systems.
defense in depth
Using multiple layers of security to defend your assets.
flash drive
A small drive based on flash memory.
The consistency, accuracy, and validity of data or information. One of the goals of a successful information security program is to ensure that data is protected against any unauthorized or accidental changes.
A physical or logical device used to capture keystrokes.
mobile device
Small devices that are used to process information, send and receive mail, store enormous amounts of data, surf the Internet, and interact remotely with internal networks and systems. They include laptops, PDAs (personal digital assistants), and smartphones.
principle of least privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
removable device
A storage device that is designed to be taken out of a computer without turning the computer off.
residual risk
The risk that remains after measures have been taken to reduce the likelihood or minimize the effect of a particular event.
The probability that an event will occur. In reality, businesses are concerned only about _____ that would negatively impact the computing environment.
risk acceptance
The act of identifying and then making an informed decision to accept the likelihood and impact of a specific risk.
risk assessment
Identifies the risks that might impact your particular environment.
risk avoidance
The process of eliminating a risk by choosing not to engage in an action or activity.
risk management
The process of identifying, assessing, and prioritizing threats and risks.
risk mitigation
Taking steps to reduce the likelihood or impact of a risk.
risk transfer
The act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing.
social engineering
A method used to gain access to data, systems, or networks, primarily through misrepresentation. This technique typically relies on the trusting nature of the person being attacked.
An action or occurrence that could result in the breach, outage, or corruption of a system by exploiting known or unknown vulnerabilities.