IS372-Chapter2

0.0(0)
studied byStudied by 1 person
0.0(0)
full-widthCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/25

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

26 Terms

1
New cards

True or False: Threats can be eliminated

False

2
New cards

What are unintentional threats

Threats that do not have a perpetrator such as natural disaster, human error, simple accidents

3
New cards

What are intentional threats

Acts that are hostile to an organization performed by a person or a group of people 

4
New cards

What is the principle of least privilege 

Granting someone the rights to do their job and no more

5
New cards

What is the principle of need to know

Giving someone only the access to stuff required to complete their job and no more

6
New cards

What is a threat/vulnerability pair

When a threat exploits a vulnerability

7
New cards

What if the difference between vulnerability and mitigation

A vulnerability is the weakness and the mitigation is the actions to reduce the impact and likelihood of a vulnerability.

8
New cards

When exploring new mitigation techniques what elements should be kept in mind 

Effectiveness of the technique and the initial and ongoing cost of it 

9
New cards

What is the difference between a vulnerability and an exploit

An exploit is the act of taking advantage of a vulnerability

10
New cards

What is a DMZ 

Demilitarized Zone is a buffer area between 2 firewalls that some servers may rest on

11
New cards

What is a script kiddie

Attackers with little to no knowledge that run scripts to see what they do

12
New cards

What are some steps involved in hardening a server

Changing defaults, Reducing attack surface, Update systems, Enable firewalls

13
New cards

What is the term where job responsibilities are divided evenly to reduce fraud

Separation of duties

14
New cards

What are the two main types of firewalls

Host based and network based

15
New cards

What US Agency regularly publishes alerts and bulletins related to security threats

US-CERT

16
New cards

Who is the CVE list maintained by

MITRE Corporation

17
New cards

What is the standard used to create information system security names

CVE

18
New cards

What is a security policy

A high level overview of security goals

19
New cards

_____ damage for the sake of doing damage and they often choose targets of oppurtunity

vandals

20
New cards

What is a SIEM

Security Information and Event Management platform; logs security events from across the network and analyzes it in real time

21
New cards

When does the threat/vulnerability pair occur

When a threat exploits a vulnerability

22
New cards

What can you control about threat/vulnerability pairs

The vulnerability only

23
New cards

______ threats are threats that are hostile to an organization

Intentional

24
New cards

_____ threats are threats that are not intentional to an organization

Unintentional

25
New cards

True or False: An IDS is meant to prevent threats from happening

False; an Intrusion Detection System only logs when someone gets in it wont prevent them

26
New cards