NT2580 Final Exam Study Guide
1. A threat is any action that could damage an asset. Page 6
2. Which law requires all types of financial institutions to protect customers' private financial information? GLBA (the Gramm-Leach-Bliley Act).
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality? Protecting private data, the process of ensuring data confidentiality.
4. A standard is a detailed written definition of how software and hardware are to be used. Page 40
5. Which of the following is not a common type of data classification standard? (The common types are Private Data, Confidential, Internal Use Only, and Public Domain.)
6. What does a lapse in a security control or policy create? A security gap. (Closing security gaps: a lapse in a security control or in a policy creates a gap.)
7. A vulnerability is any weakness in a system that makes it possible for a threat to cause harm.
8. Risk refers to the likelihood of exposure to danger.
9. Which type of attacker intends to be helpful? White-hat hackers (ethical hackers), who hack with the intent of being helpful.
10. Which domain is primarily affected by weak endpoint security on a VPN client? The Remote Access Domain.
11. Identify two phases of the access control process.
12. You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following? Page 144
13. __________ is a type of authentication? Page 147
14. Identify an example of an access control formal model. Page 161
15. __________ access control models is based on a mathematical theory published in 1989 to ensure fair competition? Page 170
16. __________ are primary categories of rules that most organizations must comply with? Page 184
17. __________ is not a part of an ordinary IT security policy framework? Page 192
18. __________ helps you determine the appropriate access to classified data? Pages 197, 205
19. __________ refers to the management of baseline settings for a system device? Page 201
20. Identify a primary step of the SDLC. Pages 204–205
21. __________ is a process to verify policy compliance? Page 215
22. When monitoring a system for anomalies, the system is measured against __________. Pages 214, 226, 236
23. __________ is not a type of penetration test? Page 245
24. Identify a drawback of log monitoring. Page 227
25. __________ is not a type of monitoring device? Page 231
26. Identify the primary components of risk management. Pages 258–259
27. __________ is not a part of a quantitative risk assessment? Pages 255–257
28. What are the primary components of business continuity management (BCM)? Page 263
29. __________ determines the extent of the impact that a particular incident would have on business operations over time? Page 266
30. What does risk management directly affect? Pages 252–253
31. __________ is a cipher that shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A? Page 235
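The cipher described in item 31 shifts every letter by a fixed key and wraps Z back to A, which leaves only 25 possible keys. The following is an added example (not part of the original study guide) that implements the shift with wraparound and then recovers the key from ciphertext alone by trying every key and scoring each candidate against an approximate English letter-frequency table; the sample plaintext, the key of 7 and the frequency table are constructed inputs for the demonstration.

```python
"""Caesar (shift) cipher: encrypt, decrypt, and break by trying all 25 keys.

Added example; not part of the original study guide. The sample plaintext,
the sample key and the English letter-frequency table are constructed,
approximate inputs used only for this demonstration.
"""
import string

ALPHABET = string.ascii_uppercase  # "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate relative frequency (%) of letters in English text; used only to
# score candidate decryptions when brute-forcing the key.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def caesar_shift(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` positions, wrapping Z back to A.

    Case is preserved and non-letters (spaces, digits, punctuation) pass
    through unchanged. A negative shift undoes a positive one.
    """
    shift %= 26  # any key outside 0..25 is equivalent to one inside it
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr(ord("A") + (ord(ch) - ord("A") + shift) % 26))
        elif "a" <= ch <= "z":
            out.append(chr(ord("a") + (ord(ch) - ord("a") + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Reverse the shift applied by caesar_shift with the same key."""
    return caesar_shift(ciphertext, -shift)


def english_score(text: str) -> float:
    """Chi-squared distance between the letter distribution of `text` and
    English letter frequencies; lower means more English-like."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter in ALPHABET:
        observed = letters.count(letter)
        expected = ENGLISH_FREQ[letter] / 100 * n
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str) -> tuple:
    """Recover (key, plaintext) without knowing the key: only 25 keys exist,
    so decrypt with each one and keep the most English-looking candidate."""
    candidates = ((k, caesar_decrypt(ciphertext, k)) for k in range(1, 26))
    return min(candidates, key=lambda kp: english_score(kp[1]))


# Constructed sample input (not taken from the page).
SAMPLE_PLAINTEXT = ("Information security protects the confidentiality integrity "
                    "and availability of data by managing risk to people "
                    "processes and technology")
SAMPLE_KEY = 7
SAMPLE_CIPHERTEXT = caesar_shift(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print("ciphertext:", SAMPLE_CIPHERTEXT)
    key, plaintext = break_caesar(SAMPLE_CIPHERTEXT)
    print(f"recovered key={key}: {plaintext}")
```

The point of the brute-force function is the practical lesson behind the exam question: a cipher whose key space is 25 values offers no confidentiality against an attacker who can try every key, so the shift cipher is useful only as an illustration of substitution, never as protection for data.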
32. Identify a security objective that adds value to a business. Page 286
33. __________ is an asymmetric encryption algorithm? Page 305
34. Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature. Page 312
35. __________ is a mechanism for accomplishing confidentiality, integrity, authentication, and nonrepudiation? Page 280
36. In which OSI layer do you find FTP, HTTP, and other programs that end users interact with? Page 318
37. Identify the configuration that is best for networks with varying security levels, such as general users, a group of users working on a secret research project, and a group of executives. Page 332
38. __________ would you not expect to find on a large network? Page 324
39. __________ is a weakness of WLANs?...