Involves sending forged requests to a large number of computers that will reply to the
requests. The source IP address is spoofed to that of the targeted victim.
Reflected Attack
Is also known as zero-knowledge testing. This refers to a test where the penetration tester is
not given any information and the target organization is not given any warning—both parties
are "blind" to the test. This is the best scenario for testing response capability because the
target will react as if the attack were real.
Double Blind Penetration Testing
Strong leadership, direction and commitment by senior management on security training is
needed. This commitment should be supported with a comprehensive program of formal
security awareness training. Security awareness training should focus on common user
security concerns - such as password selection, appropriate use of computing resources,
email and web browsing safety and social engineering.
Security training
They attempt to prevent an incident. Ex. A sign that warns a person about a dangerous
condition
Proactive Controls (Safeguards)
Logical access control filters used to validate access credentials that cannot be controlled or
modified by normal users or data owners. Could be carried out by comparing the sensitivity
of the information resources, kept on a user-unmodifiable tag attached to the security object,
with the security clearance of the accessing entity such as a user or an application. Only
administrators may make decisions that are derived from policy. Only admins can change the
category of a resource, and no one may grant a right of access that is explicitly forbidden in
the access control policy. Anything that is not expressly permitted is forbidden.
Mandatory Access Control
Occurs when misconfigured network devices allow packets to be sent to all hosts on a
particular network via the broadcast address of the network
Smurf Attack
Planning - management approval, deliverables
Reconnaissance/discovery - network mapping
Attacks
Reporting - simultaneously occurs with the prior 3 phases
Phases of Penetration Testing
Apply an extinguishing agent directly onto a fire (usually a two-dimensional area) or into the
three-dimensional region immediately surrounding the substance or object on fire. The main
difference between local application and total flooding designs is the absence of physical
barriers enclosing the fire space in the local application design.
Local Application
The proportion of people who fail to be enrolled successfully
Failure to Enroll Rate
The three key elements are opportunity, motivation and rationalization.
Fraud Triangle
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller codersimon. Stuvia facilitates payment to the seller.