Computer Security and Reliability
Chapter 9 - Implementing Controls to Protect Assets
Terms in this set (98)
_____________ _______________ or ____________-____________-____________ practices, uses control diversity, implementing administrative, technical, and physical security controls.
Layered security or defense-in-depth
___________ _____________ utilizes controls from different vendors.
_________ _____________ - informs users of threats, helping them avoid common attacks.
In the event of a fire, door access systems should __________ personnel to exit the building without any form of ______________________.
____________ ___________ to data centers and server rooms should be limited to a single entrance and exit whenever possible.
______________ cards are credit card-sized access cards.
How do you use a proximity card?
Users pass the card near a proximity card reader and the card reader then reads data on the card.
Some access control points use ______________ cards with PINs for ____________.
Proximity cards; authentication
Door access systems include:
- Cipher locks
- Proximity cards
T/F - Cipher locks identify the user.
False - Cipher locks DO NOT identify users.
When combined with a PIN, proximity cards can..
..identify and authenticate users.
Biometrics can also ____________ and ________________ users.
What social engineering tactic occurs when one user follows closely behind another user without using credentials?
____________ allows only a single person to pass at a time.
Some sophisticated mantraps can do this before allowing access.
Identify and authenticate individuals.
____________ surveillance provides reliable proof of a person's location and activity.
This surveillance method can identify who enters and exits secure areas and can record theft of assets.
Fencing, lighting, and alarms all provide _______________ ___________.
Fencing, lighting, and alarms are often used together to provide _________ _____________.
What can be used with fencing, lighting, and alarms to increase their effectiveness?
Motion detection methods
How does infrared detect movement?
Infrared detectors detect movement by objects of different temperatures.
What provide stronger barriers than fences and attempt to deter attackers?
This type of barricade can block vehicles.
_________ ____________ are effective threat deterrents for small equipment such as laptops and some workstations.
When used properly, cable locks can prevent...
..losses due to theft of small equipment.
________ ________ in server rooms provide an added physical security measure.
What can a locked cabinet prevent?
Unauthorized access to equipment mounted in server bays.
Higher-tonnage HVAC systems provide more ___________ capacity.
Keeping server rooms at lower operating temperatures can result in fewer _______________.
HVAC systems increase availability by controlling ___________ and ____________ .
Temperature and humidity
Temperature controls help ensure a relatively constant _________________.
Humidity controls reduce the potential for damage from ______________ _____________ and damage from _____________.
Electrostatic discharge; condensation
What should be integrated with the fire alarm system?
____________ should either have dampers or the ability to be turned off in the event of a fire.
What prevents outside interference sources from corrupting data and prevents data from emanating outside the cable?
EMI shielding (electromagnetic interference)
________ __________ protect cables distributed throughout a building in metal containers.
A ___________ ___________ prevents signals from emanating beyond the cage.
A _____________ _____________ of _____________ is any component whose failure results in the failure of an entire system.
Single point of failure
What elements can be used to remove many single points of failure?
- RAID (Redundant array of inexpensive disks)
- Failover clusters
What is an inexpensive method used to add fault tolerance and increase availability?
RAID (Redundant array of inexpensive disks)
RAID subsystems, such as RAID-__, RAID-__, and RAID-__, provide fault tolerance and increased data availability.
RAID-1, RAID-5, and RAID-6
What three RAID subsystems provide fault tolerance and increased data availability?
RAID-__ can survive the failure of ___ disk.
RAID-__ can survive the failure of ___ disks.
RAID-5 can survive the failure of ____ disk.
RAID-6 can survive the failure of ____ disks.
Which RAID can survive the failure of one disk?
Which RAID can survive the failure of two disks?
___________ clusters are one method of server redundancy and they provide high availability for servers.
What method of server redundancy provides high availability for servers and can remove a server as a single point of failure?
T/F - Failover clusters can remove a server as a single point of failure.
________ balancing increases the overall processing power of a server by sharing the load among multiple servers.
What can be used to increase the overall processing power of a server by sharing the load among multiple servers?
What is load balancing used for?
To increase the overall processing power of a server by sharing the load among multiple servers.
Load balancing configurations can be..
..Active-passive or active-active
Scheduling methods for load balancers include ________-robin and source IP address _________.
Round-robin; IP address affinity
Source IP address affinity scheduling ensures..
..clients are redirected to the same server for an entire session.
What scheduling methods do load balancers use?
- IP address affinity
Which type of backup provides the fastest recovery time?
Full backup - is costly (time and money)
Full/_____________ strategies reduce the amount of time needed to perform backup.
Full/_____________ strategies reduce the amount of time needed to restore backups.
Which backup strategy reduces the amount of time needed to restore backups?
Which backup strategy reduces the amount of time needed to perform backups?
If you have unlimited time and money, which backup strategy alone provides the fastest recovery time?
______ restores are the best way to test the integrity of a company's backup data.
Backup media should be protected with the same ___________ of ______________ as the data on the backup.
Level of protection
Geographic considerations for backups include storing backups _________, choosing the best location, considering ________ implications and _______ sovereignty.
Off-site; legal; data
What geographic considerations should be included for backups?
- Storing backups off-site
- Choosing the best location
- Considering legal implications and data sovereignty
The ______ identifies mission-essential functions and critical systems that are essential to the organization's success.
BIA (Business impact analysis)
What does a BIA identify?
Mission-essential functions and critical systems that are essential to the organization's success.
A BIA identifies maximum ______________ limits for the identified critical systems and components.
T/F - A BIA identifies various scenarios that can impact critical systems and components, and the potential losses from an incident.
A privacy ____________ assessment is typically a simple questionnaire completed by system or data owners.
Privacy threshold assessment
A privacy threshold assessment helps identify if a system processes _____ that __________ the threshold of PII.
Data that exceeds the threshold of PII.
If the system processes PII, a privacy _______________ assessment helps identify and reduce risk related to potential loss of the PII.
Privacy impact assessment
What kind of privacy assessment helps to identify and reduce risk related to the potential loss of PII?
Privacy impact assessment
The recovery time objective (RTO) identifies the ______________ amount of ______ it should take to ______ a system after an outage.
Maximum amount of time; restore
What does the RTO identify?
The maximum amount of time it should take to restore a system after an outage.
The ______ is derived from the maximum allowable outage time identified in the BIA.
What is the RTO derived from?
The RTO is derived from the maximum outage time identified in the BIA.
The recovery point objective (RPO) refers to the amount of _______ you can afford to lose.
The ______ refers to the amount of data you can afford to lose.
What does the RPO refer to?
The amount of data you can afford to lose.
A _____ site includes personnel, equipment, software, and communication capabilities of the primary site with all the data up to date.
Which type of site provides the shortest recovery time?
A ____ site is the most effective disaster recovery solution, but it is also the most expensive to maintain.
A hot site
A _____ site will have power and connectivity needed for a recovery site, but little else.
A cold site
Which type of site is the least expensive and the hardest to test?
Which type of site is a compromise between a hot site and a cold site?
A warm site
What type of site does not have a dedicated location, but can provide temporary support during a disaster?
A _________ ________ _________ includes a hierarchical list of critical systems and often prioritizes services to restore after an outage.
Disaster recovery plan (DRP)
A disaster recovery plan (DRP) includes a hierarchical list of..
..critical systems and often prioritizes services to restore after an outage.
_______ validates the DRP.
The ________ phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan.
What is the final phase of the DRP and what is its purpose?
The final phase of the DRP is a review to identify any lessons learned and may include an update of the plan.
How can you validate business continuity plans?
___________ exercises are discussion-based only and are typically performed in a classroom or conference setting.
___________ exercises are hands-on exercises.