NT2580 Final Exam Study Guide
1. Threat is an action that could damage an asset. Page 6
2. Which law requires all types of financial institutions to protect customers’ private financial information? GLBA, or the Gramm-Leach-Bliley Act
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality? Protecting Private Data - The process of ensuring data confidentiality
4. A standard is a detailed written definition of how software and hardware are to be used. Page 40
5. Private Data, Confidential, Internal use only, Public Domain is not a common type of data classification standard.
6. What does a lapse in a security control or policy create? Closing Security Gaps - A lapse in a security control in a policy creates a gap.
7. Vulnerabilities and Threats - any weakness in a system that makes it possible for a threat to cause harm.
8. Risk - Refers to the likelihood of exposure to danger.
9. Which type of attacker intends to be helpful? White-hat hackers - Ethical hacking...Intending to be helpful.
10. Which domain is primarily affected by weak endpoint security on a VPN client? Remote Access Domain - Primarily affected by endpoint security on VPN clients.
11. Identify two phases of the access control process.
12. You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following? Page 144
13. __________ is a type of authentication? Page 147
14. Identify an example of an access control formal model. Page 161
15. __________ access control model is based on a mathematical theory published in 1989 to ensure fair competition? Page 170
16. __________ are primary categories of rules that most organizations must comply with? Page 184
17. __________ is not a part of an ordinary IT security policy framework? Page 192
18. __________ helps you determine the appropriate access to