Standards - ANSWER Document stating that employees who ..... must .....
Guideline - ANSWER example: security documentation offers recommendations and suggestions on creating a strong password
Noncompete agreement - ANSWER Agreements that restrict employees from competing with the employer following termination of employment.
Accountability - ANSWER security concept includes the process of reviewing the activities of an identity
Identification - ANSWER (username)
CIA plus AAA - ANSWER
A company plans to implement a new authentication system for customers accessing the company website. When customers log on, the website indicates that it sent a text message that includes a code to the customer's mobile phone. To complete the log-on process, the customer is required to enter the appropriate code within five minutes. - ANSWER Time-Based one-time password
Which security concept controls access to the network? - ANSWER Provide individuals access after they supply a username and password
Risk management - ANSWER process identifies factors that could damage or disclose data, evaluates those factors considering data value and countermeasure cost, and implements cost-effective solutions
purpose of threat modeling tools - ANSWER To consider the range of compromise concerns and focus on the end result of an attack
SLE - ANSWER
Asset value - ANSWER
Deterrence - ANSWER A company discovers that employees are accessing restricted areas. To discourage employees, the security manager posts restricted access signs
Avoidance - ANSWER A company hires a consulting group to perform a security audit on its network. The audit finds that the email servers are vulnerable to SMTP relay attacks. The company decides to migrate email services to a cloud-based provider and decommission the email servers.
Rejection - ANSWER A private company identifies a risk with a high-value asset. A threat has been reported to be attacking only government entities. The company's board of directors has concluded that the threat will likely never materialize for private companies, and that nothing should be done about it.
Risk Assessment Life Cycle (steps) - ANSWER Security categorization
Security control selection
Security control implementation
Security control assessment
Information system authorization
Security control monitoring
risk management framework - ANSWER A guideline or recipe for how risk is to be assessed, resolved, and monitored
Private - ANSWER Which data classification would cause serious damage to the mission of an organization, is less damaging than its highest classification, and is the label used by most organizations for the classification of PII and PHI data?
Public - ANSWER The document policy of an organization is that there is no negative impact if documents are released outside the organization.
Open Authentication (OAuth 2.0) - ANSWER identity technology is an open request for comments (RFC) standard that provides access delegation of online websites
Federated identity management (FIM) - ANSWER identity management solution allows multiple organizations to share identities based on a common method
credential management system - ANSWER solution that allows employees to store usernames and passwords
Discretionary - ANSWER The vice president of a company distributes corporate policies by emailing employees links to the files. An IT professional needs to implement a solution that allows only the vice president to manage who can edit corporate policies. Which access control model should this professional implement?
Or: A company develops project management software. The design requires the project manager to control access to the project files.
Role Based - ANSWER A company wants only members of its database administrator team to have administrative access to all SQL server databases. Which access control model should this company apply?
Mandatory - ANSWER A word-processing program uses document labels to determine which users can access files. For example, only members of the legal department can access files labeled legal. It uses classification of data or labels.
Access aggregation - ANSWER The collective entitlements granted by multiple systems to one user; can lead to authorization creep. Example: An attacker uses multiple websites to collect public information and pieces together a profile to be used for identity impersonation.
Side Channel - ANSWER type of attack that is passive and noninvasive and intended to observe the operation of a device
Rule-based - ANSWER A company secures its network by closing specific ports on its firewalls.