option
My Daypo

IFS

COMMENTS STADISTICS RECORDS
TAKE THE TEST
Title of test:
IFS

Description:
TEST IFS For Test

Author:
islam
(Other tests from this author)

Creation Date:
15/03/2021

Category:
Others

Number of questions: 503
Share the Test:
Facebook
Twitter
Whatsapp
Share the Test:
Facebook
Twitter
Whatsapp
Last comments
No comments about this test.
Content:
The need to secure the physical location of computer technology from outside threats Computer security Security Communications security Network security.
A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure Computer security Security Communications security Network security.
The protection of all communications media; technology; and content Computer security Security Communications security Network security.
A subset of communications security; the protection of voice and data; Networking components; connections; and content. Computer security Security Communications security Network security.
Protection of the confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education;training and awareness; and technology. information security C.I.A. triad Access Asset.
The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability information security C.I.A. triad Access Asset .
Authorized users have legal access to a system; whereas hackers must gain illegal access to a system information security C.I.A. triad Access Asset.
The organizational resource that is being protected. information security C.I.A. triad Access Asset.
Asset Q.9 An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive; intentional or unintentional; and direct or indirect. Attack A direct attack Indirect attack Control; safeguard; or countermeasure.
It is perpetrated by a hacker using a PC to break into a system Direct attacks originate from the threat itself. Attack A direct attack Indirect attack Control; safeguard; or countermeasure.
It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat. Attack A direct attack Indirect attack Control; safeguard; or countermeasure.
Security mechanisms; policies; or procedures that can successfully counter attacks; reduce risk; resolve vulnerabilities Attack A direct attack Indirect attack Control; safeguard; or countermeasure.
A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain Exploit Exposure Loss Risk.
A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker Exploit Exposure Loss Risk.
A single instance of an information asset suffering damage or destruction; unintended or unauthorized modification or disclosure; or denial of use. When an organization’s information is stolen; it has suffered a loss. Exploit Exposure Loss Risk .
The probability of an unwanted occurrence; such as an adverse event or loss. Exploit Exposure Loss Risk .
EX; it can be compromised by an attack (object) and then used to attack other systems (subject). Subjects and objects of attack Threat Threat agent Threat event.
Any event or circumstance that has the potential to adversely affect operations and assets. Subjects and objects of attack Threat Threat agent Threat event.
The specific instance or a component of a threat Subjects and objects of attack Threat Threat agent Threat event.
An occurrence of an event caused by a threat agent. Subjects and objects of attack Threat Threat agent Threat event.
A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.” Threat source Vulnerability Accuracy Authenticity.
A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system Threat source Vulnerability Accuracy Authenticity.
An attribute of information that describes how data is free of errors and has the value that the user expects. Threat source Vulnerability Accuracy Authenticity.
An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. Threat source Vulnerability Accuracy Authenticity.
An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. Availability Confidentiality Integrity Personally Identifiable Information (PII).
An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems Availability Confidentiality Integrity Personally Identifiable Information (PII).
An attribute of information that describes how data is whole; complete; and uncorrupted. Availability Confidentiality Integrity Personally Identifiable Information (PII).
A set of information that could uniquely identify an individual. Availability Confidentiality Integrity Personally Identifiable Information (PII).
An attribute of information that describes how the data’s ownership or control is legitimate or authorized. Possession Utility Information System (IS) Software.
An attribute of information that describes how data has value or usefulness for an end purpose Possession Utility Information System (IS) Software .
The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse. Possession Utility Information System (IS) Software .
It includes applications (programs); operating systems; and assorted command utilities Possession Utility Information System (IS) Software.
It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices. Hardware Data People Procedures.
Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning we will use the term information to represent both unprocessed data and actual information Hardware Data People Procedures.
Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program Hardware Data People Procedures.
They are written instructions for accomplishing a specific task. should be disseminated among members of an organization on a need-to-know basis. Hardware Data People Procedures.
Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
Information security technologists and end users must recognize that both groups share the same overall goals of the organization—to ensure that data is available when; where; and how it is needed; with minimal delays or obstacles. Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems. Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success. Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
A formal approach to solving a problem based on a structured sequence of procedures. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase; with multiple opportunities to return to previous phases and make adjustments. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
A formal approach to solving a problem based on a structured sequence of procedures. focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. Logical Design Implementation Maintenance and Change Software Assurance (SA).
In the implementation phase; any needed software is created. Logical Design Implementation Maintenance and Change Software Assurance (SA).
The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. Logical Design Implementation Maintenance and Change Software Assurance (SA) .
A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. Logical Design Implementation Maintenance and Change Software Assurance (SA) .
Keep the design as simple and small as possible Economy of mechanism Fail-safe defaults Complete mediation Open design.
Base access decisions on permission rather than exclusion. Economy of mechanism Fail-safe defaults Complete mediation Open design.
Every access to every object must be checked for authority. Economy of mechanism Fail-safe defaults Complete mediation Open design .
The design should not be secret; but rather depend on the possession of keys or passwords Economy of mechanism Fail-safe defaults Complete mediation Open design .
Where feasible; a protection mechanism should require two keys to unlock; rather than one. Separation of privilege Least privilege Least common mechanism Psychological acceptability .
Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Separation of privilege Least privilege Least common mechanism Psychological acceptability.
Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. Separation of privilege Least privilege Least common mechanism Psychological acceptability.
It is essential that the human interface be designed for ease of use; so that users routinely and automatically apply the protection mechanisms correctly Separation of privilege Least privilege Least common mechanism Psychological acceptability.
The CIO translates the strategic plans of the organization as a whole into strategic information plans for the information systems or data processing division of the organization. An executive-level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organization’s information. chief information officer (CIO) chief information security officer (CISO) Project team Champion.
Typically considered the top information security officer in an organization. chief information officer (CIO) chief information security officer (CISO) Project team Champion.
A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned. chief information officer (CIO) chief information security officer (CISO) Project team Champion.
A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization. chief information officer (CIO) chief information security officer (CISO) Project team Champion .
A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements. Team leader Security policy developers Risk assessment specialists Security professionals.
People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. Team leader Security policy developers Risk assessment specialists Security professionals.
People who understand financial risk assessment techniques; the value of organizational assets; and the security methods to be used. Team leader Security policy developers Risk assessment specialists Security professionals .
Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. Team leader Security policy developers Risk assessment specialists Security professionals .
People with the primary responsibility for administering systems that house the information used by the organization. Systems administrators End users data custDdians Security as Art.
Those whom the new system will most directly affect. Ideally; a selection of users from various departments; levels; and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard. Systems administrators End users data custDdians Security as Art.
Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information. Systems administrators End users data custDdians Security as Art.
The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. Systems administrators End users data custDdians Security as Art.
Technology developed by computer scientists and engineers—which is designed for rigorous performance levels—makes information security a science as well as an art. Security as Science Security as a Social Science delete delete .
Social science examines the behavior of people as they interact with systems; whether they are societal systems or; as in this context; information systems. Security as Science Security as a Social Science delete delete.
To protect the confidentiality of information; you can use several measures; including the following: Information classification A direct attack Indirect attack Control; safeguard; or countermeasure.
To protect the confidentiality of information; you can use several measures; including the following: Exploit Secure document storage Loss Risk .
To protect the confidentiality of information; you can use several measures; including the following: Subjects and objects of attack Threat Application of general security policies Threat event.
To protect the confidentiality of information; you can use several measures; including the following: Threat source Vulnerability Accuracy Education of information custodians and end users.
For detecting a virus or worm is to look for changes in file integrity; as shown by The file size. Confidentiality Integrity Personally Identifiable Information (PII).
For detecting a virus or worm is to look for changes in file integrity; as shown by Attack File hashing Indirect attack Control; safeguard; or countermeasure.
Secure Software Assurance (SwA) Common Body of Knowledge (CBK) examine two key questions Exploit Exposure What are the engineering activities or aspects of activities that are relevant to achieving secure software? Risk.
Secure Software Assurance (SwA) Common Body of Knowledge (CBK) examine two key questions Subjects and objects of attack Threat Threat agent What knowledge is needed to perform these activities or aspects?.
The SwA CBK; which is a work in progress; contains the following sections: Nature of Dangers Vulnerability Accuracy Authenticity.
The SwA CBK; which is a work in progress; contains the following sections: Availability Fundamental Concepts and Principles Integrity Personally Identifiable Information (PII).
The SwA CBK; which is a work in progress; contains the following sections: Attack A direct attack Ethics; Law; and Governance Control; safeguard; or countermeasure.
The SwA CBK; which is a work in progress; contains the following sections: Exploit Exposure Loss Secure Software Requirements.
The SwA CBK; which is a work in progress; contains the following sections: Secure Software Design Threat Threat agent Threat event.
The SwA CBK; which is a work in progress; contains the following sections: Threat source Secure Software Construction Accuracy Authenticity.
The SwA CBK; which is a work in progress; contains the following sections: Availability Confidentiality Secure Software Verification; Validation; and Evaluation Personally Identifiable Information (PII).
The SwA CBK; which is a work in progress; contains the following sections: Attack A direct attack Indirect attack Secure Software Tools and Methods.
The SwA CBK; which is a work in progress; contains the following sections: Secure Software Processes Exposure Loss Risk.
The SwA CBK; which is a work in progress; contains the following sections: Subjects and objects of attack Secure Software Project Management Threat agent Threat event.
The SwA CBK; which is a work in progress; contains the following sections: Threat source Vulnerability Acquisition of Secure Software Authenticity.
The SwA CBK; which is a work in progress; contains the following sections: Authenticity Availability Confidentiality Integrity.
They carry the authority of a governing body. laws Ethics Aggregate information Information aggregation.
They are based on cultural mores laws Ethics Aggregate information Information aggregation.
Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. laws Ethics Aggregate information Information aggregation.
Pieces of nonprivate data that- when combined- may create information that violates privacy. Not to be confused with aggregate information. laws Ethics Aggregate information Information aggregation.
In the context of information security- the right of individuals or groups to protect themselves and their information from unauthorized access- providing confidentiality. Privacy Association of Computing Machinery (ACM) Federal Bureau of Investigation (FBI) Payment Card Industry Data Security Standards (PCI DSS).
It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.” Privacy Association of Computing Machinery (ACM) Federal Bureau of Investigation (FBI) Payment Card Industry Data Security Standards (PCI DSS).
It investigates both traditional crimes and cybercrimes- and works with the U.S. Privacy Association of Computing Machinery (ACM) Federal Bureau of Investigation (FBI) Payment Card Industry Data Security Standards (PCI DSS).
It is organization that process payment cards- such as credit cards- debit cards- ATM cards- store-value cards- gift cards- or other related items Privacy Association of Computing Machinery (ACM) Federal Bureau of Investigation (FBI) Payment Card Industry Data Security Standards (PCI DSS).
The desired end of a planning cycle. goals objectives strategic plan strategic planning.
The intermediate states obtained to achieve progress toward a goal or goals. goals objectives strategic plan strategic planning.
A plan for the organization’s intended strategic efforts over the next several years. goals objectives strategic plan strategic planning .
The process of defining and specifying the long-term direction (strategy). goals objectives strategic plan strategic planning.
The process of tactical planning breaks each strategic goal into a series of incremental objectives. Tactical planning Policies Standard Practice.
They direct how issues should be addressed and how technologies should be used. Tactical planning Policies Standard Practice.
A detailed statement of what must be done to comply with policy- sometimes viewed as the rules governing policy compliance. Tactical planning Policies Standard Practice.
recommendations Tactical planning Policies Standard Practice.
recommendations the employee may use as a reference in complying with a policy guidelines procedures Comprehension (understanding) Compliance (agreement).
Step-by-step instructions designed to assist employees in following policies- standardsand guDissemination (distribution) - The organization must be able to demonstrate that the policy has been made readily available for review by the employee (eg.- hard copy and electronic distribution) guidelines procedures Comprehension (understanding) Compliance (agreement).
The organization must be able to demonstrate that the employee understands the requirements and content of the policy (eg.- quizzes and other assessments). guidelines procedures Comprehension (understanding) Compliance (agreement) .
The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (eg.- logon banners- which require a specific action to acknowledge agreement). guidelines procedures Comprehension (understanding) Compliance (agreement) .
The organization must be able to demonstrate that the policy has been uniformly enforced- regardless of employee status or assignment. Uniform enforcement (fairness in application) Information security policy Access control list (ACL) Access control matrix.
Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets. Uniform enforcement (fairness in application) Information security policy Access control list (ACL) Access control matrix.
Specifications of authorization that govern the rights and privileges of users to a particular information asset. Uniform enforcement (fairness in application) Information security policy Access control list (ACL) Access control matrix.
An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. Uniform enforcement (fairness in application) Information security policy Access control list (ACL) Access control matrix.
A lattice-based access control with rows of attributes associated with a particular subject (such as a user). Capabilities table Configuration Rule Policies Information security blueprint Information security framework.
Configuring firewalls- intrusion detection and prevention systems (IDPSs)- and proxy servers—use specific configuration scripts that represent the configuration rule policy . Capabilities table Configuration Rule Policies Information security blueprint Information security framework.
A framework or security model customized to an organization- including implementation details. Capabilities table Configuration Rule Policies Information security blueprint Information security framework.
A specification of a model to be followed during the design- selection- and initial and ongoing implementation of all subsequent security controls- including information security policies- security education and training programs- and technological controls. Capabilities table Configuration Rule Policies Information security blueprint Information security framework.
It illustrate how information is under attack from a variety of sources. It illustrates the ways in which people access information. Spheres of Security Design of Security Architecture (Layers PPT) Defense in depth managerial controls.
It is designed and implemented policies- people (education- training- and awareness programs)- and technology. Spheres of Security Design of Security Architecture (Layers PPT) Defense in depth managerial controls.
A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial- operational- and technical) to provide optimal protection. Spheres of Security Design of Security Architecture (Layers PPT) Defense in depth managerial controls.
Information security safeguards that focus on administrative planning- organizingleading- and controlling- and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management. Spheres of Security Design of Security Architecture (Layers PPT) Defense in depth managerial controls.
Information security safeguards focusing on lower-level planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning operational controls technical controls Security Education- Training- and Awareness (SETA) Program Business continuity plan (BC plan).
Information security safeguards that focus on the application of modern technologiessystems- and processes to protect information assets. These safeguards include firewalls- virtual private networks- and IDPSs. operational controls technical controls Security Education- Training- and Awareness (SETA) Program Business continuity plan (BC plan).
It is a managerial program designed to improve the security of information assets by providing targeted knowledge- skills- and guidance for an organization’s employees. operational controls technical controls Security Education- Training- and Awareness (SETA) Program Business continuity plan (BC plan).
The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing. operational controls technical controls Security Education- Training- and Awareness (SETA) Program Business continuity plan (BC plan).
The actions taken to develop and implement the BC policy Business continuity planning (BCP) Business resumption planning (BRP) Contingency planning (CP) Contingency planning management team (CPMT) .
The actions taken to implement a combined DR and BC policy- and plan Business continuity planning (BCP) Business resumption planning (BRP) Contingency planning (CP) Contingency planning management team (CPMT).
The actions taken to incident response- disaster recovery- and business continuity efforts- as well as preparatory business impact analysis. It includes incident response planning (IRP)- disaster recovery planning (DRP)- and business continuity planning (BCP) Business continuity planning (BCP) Business resumption planning (BRP) Contingency planning (CP) Contingency planning management team (CPMT).
It leads all CP efforts. Business continuity planning (BCP) Business resumption planning (BRP) Contingency planning (CP) Contingency planning management team (CPMT).
The documented product. It focuses on restoring systems. Disaster recovery plan (DR plan) Disaster recovery planning (DRP) Incident response plan (IR plan) Business impact analysis (BIA).
The actions taken Disaster recovery plan (DR plan) Disaster recovery planning (DRP) Incident response plan (IR plan) Business impact analysis (BIA).
The documented product. It focuses on immediate response- but if the attack is there. Disaster recovery plan (DR plan) Disaster recovery planning (DRP) Incident response plan (IR plan) Business impact analysis (BIA).
An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question- “How will it affect us?” Disaster recovery plan (DR plan) Disaster recovery planning (DRP) Incident response plan (IR plan) Business impact analysis (BIA).
The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption- including all impact considerations. Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT) .
The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data). Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT).
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources- supported mission/business processes- and the MTD. Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT).
The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered (as identified with RTO). Tasks include testing and validation of the system. Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT).
It is important to collect critical information about each business unit before prioritizing the business units. Business Impact Analysis stage1 Business Impact Analysis stage2 Business Impact Analysis stage3 Incident classification.
Identify Resource Requirements. Once the organization has created a prioritized list of its mission and business processes- it needs to determine which resources would be required to recover those processes and associated assets. Business Impact Analysis stage1 Business Impact Analysis stage2 Business Impact Analysis stage3 Incident classification.
Identify Recovery Priorities for System Resources To do so- it needs to understand the information assets used by those processes Business Impact Analysis stage1 Business Impact Analysis stage2 Business Impact Analysis stage3 Incident classification .
The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and network-based). Business Impact Analysis stage1 Business Impact Analysis stage2 Business Impact Analysis stage3 Incident classification.
Information or information systems become unavailable Loss of availability Loss of integrity Loss of confidentiality Violation of policy.
Users report corrupt data files- garbage where data should be- or data that looks wrong Loss of availability Loss of integrity Loss of confidentiality Violation of policy.
You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed. Loss of availability Loss of integrity Loss of confidentiality Violation of policy.
Organizational policies that address information or information security have been violated. Loss of availability Loss of integrity Loss of confidentiality Violation of policy.
The law has been broken- and the organization’s information assets are involved. Violation of law Alert message Alert roster After-action review.
A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process. Violation of law Alert message Alert roster After-action review.
A document that contains contact information for people to be notified in the event of an incident Violation of law Alert message Alert roster After-action review.
A detailed examination and discussion of the events that occurred- from first detection to final recovery. Violation of law Alert message Alert roster After-action review.
The process of collecting- analyzing- and preserving computer-related evidence. Computer forensics Evidence Software as a Service (SaaS) Platform as a Service (PaaS).
A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator. Computer forensics Evidence Software as a Service (SaaS) Platform as a Service (PaaS).
in which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web Computer forensics Evidence Software as a Service (SaaS) Platform as a Service (PaaS).
in which development platforms are available to developers for a fee and are hosted by third parties. Computer forensics Evidence Software as a Service (SaaS) Platform as a Service (PaaS) .
which is informally known as Everything as a Service- provides hardware and operating systems resources to host whatever the organization wants to implement. Again- the service is hosted by a third party for a fee. Infrastructure as a Service (IaaS) Disaster Recovery as a Service (DRaaS) Differential backup Full backup.
One of the newest options available as a specialized disaster recovery. Infrastructure as a Service (IaaS) Disaster Recovery as a Service (DRaaS) Differential backup Full backup.
The duplication of all files that have changed or been added since the last full backup. Infrastructure as a Service (IaaS) Disaster Recovery as a Service (DRaaS) Differential backup Full backup.
The duplication of all files for an entire system- including all applications- operating systems components- and data. Infrastructure as a Service (IaaS) Disaster Recovery as a Service (DRaaS) Differential backup Full backup.
The duplication of only the files that have been modified since the previous incremental backup. Incremental backup Disk duplexing Disk mirroring L1 Disk striping L0.
An approach to disk mirroring in which each drive has its own controller to provide additional redundancy. Incremental backup Disk duplexing Disk mirroring L1 Disk striping L0.
It is where the computer records all data to twin drives simultaneously- providing a backup if the primary drive fails. Incremental backup Disk duplexing Disk mirroring L1 Disk striping L0.
L1- It is where one logical volume is created by storing data across several available hard drives in segments called stripes. Incremental backup Disk duplexing Disk mirroring L1 Disk striping L0.
A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement. Hot swap Redundant array of independent disks (RAID) Server fault tolerance Cold site.
A system of drives that stores information across Multiple units to spread out data and minimize the impact of a single drive failure Hot swap Redundant array of independent disks (RAID) Server fault tolerance Cold site.
provided by mirroring entire servers to provide redundant capaA level of redundancy city for services Hot swap Redundant array of independent disks (RAID) Server fault tolerance Cold site.
A facility that provides only rudimentary services- with no computer hardware or peripherals. Hot swap Redundant array of independent disks (RAID) Server fault tolerance Cold site.
A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server Database shadowing Hot site Warm site Bonus .
A fully configured computing facility that includes all services- communications linksand physical plant operations. Database shadowing Hot site Warm site Bonus.
A facility that provides many of the same services and options as a hot site- but typically without installed and configured software applications. Database shadowing Hot site Warm site Bonus.
Bonus Database shadowing Hot site Warm site Bonus.
The adoption and implementation of an innovative business model- methodtechnique- resource- or technology in order to outperform the competition. competitive advantage risk assessment risk control risk identification.
A determination of the extent to which an organization’s information assets are exposed to risk competitive advantage risk assessment risk control risk identification.
The application of controls that reduce the risks to an organization’s information assets to an acceptable level. competitive advantage risk assessment risk control risk identification.
The recognition- enumeration- and documentation of risks to an organization’s information assets. competitive advantage risk assessment risk control risk identification.
The process of identifying risk- assessing its relative magnitude- and taking steps to reduce it to an acceptable level. risk management residual risk In Asset Identification - People Procedures.
The risk to information assets that remains even after current controls have been applied. risk management residual risk In Asset Identification - People Procedures.
Position name- number- or ID (avoid using people’s names and stick to identifying positions- roles- or functions)- supervisor- security clearance level- special skills risk management residual risk In Asset Identification - People Procedures.
Description- intended purpose- relationship to software- hardware- and networking elements- storage location for reference- storage location for update risk management residual risk In Asset Identification - People Procedures.
Classification- owner- creator- and manager- size of datastructure- data structure used (sequential or relational)- online or offline- location- backup procedures employed Data IP address Name Media access control (MAC) address.
Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers. Data Name IP address Media access control (MAC) address.
This can be a useful identifier for network devices and servers- but it does not usually apply to software. You can- however- use a relational database to track software instances on specific servers or networking devices. Data Name IP address Media access control (MAC) address.
They are sometimes called electronic serial numbers or hardware addresses. Data Name IP address Media access control (MAC) address .
For hardware- you can develop a list of element types- such as servers- desktopsnetworking devices- or test equipment. For software elements- you may develop a list of types that includes operating systems- custom applications by type (accounting- HRor payroll- for example)- packaged applications- and specialty applications- such as firewall programs. Element type Physical location Logical location Threats-vulnerabilitiesassets(TVA).
This information falls under asset inventory- which can be performed once the identification process is started. Element type Physical location Logical location Threats-vulnerabilitiesassets(TVA).
The logical location is most useful for networking devices and indicates the logical network where the device is connected. Element type Physical location Logical location Threats-vulnerabilitiesassets(TVA).
triples Apairing of an asset with a threat and an identification of vulnerabilities that exist between the two. Element type Physical location Logical location Threats-vulnerabilitiesassets(TVA).
Likelihood ? Attack Success Probability Loss Frequency Loss Magnitude single loss expectancy (SLE) annualized loss expectancy (ALE).
Asset Value ? Probable Loss Loss Frequency Loss Magnitude single loss expectancy (SLE) annualized loss expectancy (ALE).
exposure factor (EF) * asset value (AV). Loss Frequency Loss Magnitude single loss expectancy (SLE) annualized loss expectancy (ALE).
single loss expectancy (SLE) * annualized rate of occurrence (ARO) Loss Frequency Loss Magnitude single loss expectancy (SLE) annualized loss expectancy (ALE).
The number of successful attacks that are expected to occur within a specified time period attack success probability Likelihood loss frequency transference risk control strategy.
The probability that a specific vulnerability within an organization will be the target of an attack. attack success probability Likelihood loss frequency transference risk control strategy.
The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range. attack success probability Likelihood loss frequency transference risk control strategy.
It attempts to shift risk to other assets- other processes- or other organizations. attack success probability Likelihood loss frequency transference risk control strategy.
It indicates the organization is willing to accept the current level of risk Acceptance termination risk control strategy access control access control list (ACL).
It eliminates all risk associated with an information asset by removing it from service or handling decision points. Acceptance termination risk control strategy access control access control list (ACL).
The selective method by which systems specify who may use a particular resource and how they may use it. Acceptance termination risk control strategy access control access control list (ACL).
Specifications of authorization that govern the rights and privileges of users to a particular information asset. Acceptance termination risk control strategy access control access control list (ACL).
An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system. attribute-based access control (ABAC) capabilities table discretionary access controls (DACs) ? lattice-based access control (LBAC).
In a lattice-based access control- the row of attributes associated with a particular subject (such as a user). attribute-based access control (ABAC) capabilities table discretionary access controls (DACs) ? lattice-based access control (LBAC).
Access controls that are implemented at the discretion or option of the data user. attribute-based access control (ABAC) capabilities table discretionary access controls (DACs) ? lattice-based access control (LBAC).
A variation on the MAC form of access control- which assigns users a matrix of authorizations for particular areas of access- incorporating the information assets of subjects such as users and objects attribute-based access control (ABAC) capabilities table discretionary access controls (DACs) ? lattice-based access control (LBAC).
A required- structured data classification scheme that rates each collection of information as well as each user mandatory access control (MAC) nondiscretionary access controls (NDACs) role-based access control (RBAC) task-based access control (TBAC).
They are implemented by a central authority. mandatory access control (MAC) nondiscretionary access controls (NDACs) role-based access control (RBAC) task-based access control (TBAC).
An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization- and are inherited when a user is assigned to that role. mandatory access control (MAC) nondiscretionary access controls (NDACs) role-based access control (RBAC) task-based access control (TBAC).
An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. mandatory access control (MAC) nondiscretionary access controls (NDACs) role-based access control (RBAC) task-based access control (TBAC).
An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrixwith organizational assets listed in the column headings and users listed in the row headings. access control matrix accountability authentication authorization.
The access control mechanism that ensures all actions ona system—authorized or unauthorized—can be attributed to anauthenticated identity. Also known as auditability. access control matrix accountability authentication authorization.
The access control mechanism that requires the validation and verification of an unauthenticated entity’s purportedidentity. access control matrix accountability authentication authorization.
The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels. access control matrix accountability authentication authorization.
It is the method by which systems determine whether and how to admit a user into a trusted area of the organization—that is-information systems- restricted areas such as computer rooms- and the entire physical location. Access control dumb card identification passphrase.
An authentication card that contains digital user data- such as a personal identification number (PIN)- against which user input is compared. Access control dumb card identification passphrase .
The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system. Access control dumb card identification passphrase.
A plain-language phrase- typically longer than a password- from which a virtual password is derived. Access control dumb card identification passphrase .
A secret word or combination of characters that only the user should know- a password is used to authenticate the user. password smart card biometric access control minutiae.
An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN. password smart card biometric access control minutiae.
The use of physiological characteristics to provide authentication for a provided identification. password smart card biometric access control minutiae.
In biometric access controls- unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created password smart card biometric access control minutiae.
Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device. address restrictions dynamic packet-filtering firewall firewall application layer proxy firewall .
A firewall type that can react to network traffic and create or modify configuration rules to adapt address restrictions dynamic packet-filtering firewall firewall application layer proxy firewall.
In information security- a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network. address restrictions dynamic packet-filtering firewall firewall application layer proxy firewall.
A device capable of functioning both as a firewall and an application layer proxy server address restrictions dynamic packet-filtering firewall firewall application layer proxy firewall.
An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside- untrusted network. demilitarized zone (DMZ) proxy server content filter data loss prevention .
A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server- thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers demilitarized zone (DMZ) proxy server content filter data loss prevention.
A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example- restricting user access to Web sites from material that is not related to business- such as pornography or entertainment. demilitarized zone (DMZ) proxy server content filter data loss prevention.
A strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network. demilitarized zone (DMZ) proxy server content filter data loss prevention.
A private- secure network operated over a public and insecure network. virtual private network (VPN) In authentication factors - Something You Know In authentication factors - Something You Have In authentication factors - Something You Are or Can Produce.
This factor of authentication relies on what the unverified user or system knows and can recall—for example- a assword- passphrase- or other unique authentication codesuch as a personal identification number (PIN). virtual private network (VPN) In authentication factors - Something You Know In authentication factors - Something You Have In authentication factors - Something You Are or Can Produce.
This authentication factor relies on something an unverified user or system has and can produce when necessary. virtual private network (VPN) In authentication factors - Something You Know In authentication factors - Something You Have In authentication factors - Something You Are or Can Produce.
This relies on individual characteristics- such as fingerprints- palm or prints virtual private network (VPN) In authentication factors - Something You Know In authentication factors - Something You Have In authentication factors - Something You Are or Can Produce.
An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations- almost always with the intent to do harm. intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique .
The general term for a system that can both detect and modify its configuration and environment to prevent. intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority. intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
Terminating- Blocking- and Blocking all access intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The process of classifying IDPS alerts so they can be more effectively managed. Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic. Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS Alarm clustering and compaction Alarm filtering Confidence value Evasion.
An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks. False attack stimulus False negative False positive Tuning.
The failure of an IDPS to react to an actual attack event. False attack stimulus False negative False positive Tuning.
An alert or alarm that occurs in the absence of an actual attack. False attack stimulus False negative False positive Tuning.
The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives. False attack stimulus False negative False positive Tuning.
Alarm events that are accurate and noteworthy but do not pose significant threats to information security. Noise Site policy Data Collection Attack Deterrence .
The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization. Noise Site policy Data Collection Attack Deterrence.
In the process of analyzing data and network activity- IDPSs can be configured to log data for later analysis. Noise Site policy Data Collection Attack Deterrence.
Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would be attackers. Noise Site policy Data Collection Attack Deterrence.
The process of examining and verifying the higher-order protocols (HTTP- FTP- and Telnet) in network traffic for unexpected packet behavior or improper use. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
An IDPS that resides on a particular computer or server- known as the host- and monitors activity only on that system. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
Also known as a switched port analysis (SPAN) port or mirror port- a specially configured connection on a network device that can view all the traffic that moves through the device. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification .
The process of examining and verifying network traffic for invalid data packets—that ispackets that are malformed under the rules of the TCP/IP protocol. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
Also known as behavior-based detection- an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
A predefined assessment level that triggers a predetermined response when surpassed. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level .
Also known as knowledge-based detection or misuse detection- the examination of system or network data in search of patterns that match known attack signatures. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
The comparison of vendorsupplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
An attack detection method that reviews the log files generated by computer systemslooking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
A software-enabled approach to aggregating- filtering- and managing the reaction to events- many of which are collected by logging activities of IDPSs and network management devices. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
A monitored network or network segment that contains multiple honeypot systems honeynet honeypot padded cell system back hack .
An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion honeynet honeypot padded cell system back hack .
A protected honeypot that cannot be easily compromised. honeynet honeypot padded cell system back hack.
The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system. honeynet honeypot padded cell system back hack.
The act of attracting attention to a system by placing tantalizing information in key locations enticement entrapment pen register trap-and-trace application.
The act of luring a person into committing a crime in order to get a conviction enticement entrapment pen register trap-and-trace application.
An application that records information about outbound communications enticement entrapment pen register trap-and-trace application.
An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network. enticement entrapment pen register trap-and-trace application .
A logical sequence of steps or processes used by anattacker to launch an attack against a target system or network. attack protocol fingerprinting footprinting port scanners.
The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range attack protocol fingerprinting footprinting port scanners .
The organized research and investigation of Internet addresses owned or controlled by a target organization. attack protocol fingerprinting footprinting port scanners.
It used both by attackers and defenders to identify orfingerprint active computers on a network- the active ports and serviceson those computers- the functions and roles of the machines- and other useful information. attack protocol fingerprinting footprinting Secure Software Sustainment.
Computer security Means The need to secure the physical location of computer technology from outside threats. TRUE FALSE.
Security Means A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure. TRUE FALSE.
Communications security Means The protection of all communications media; technology; and content. TRUE FALSE.
Network security Means Protection of the confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education;training and awareness; and technology. TRUE FALSE.
information security Means A subset of communications security; the protection of voice and data; Networking components; connections; and content. TRUE FALSE.
C.I.A. triad Means The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability. TRUE FALSE.
Access Means Authorized users have legal access to a system; whereas hackers must gain illegal access to a system. TRUE FALSE.
A direct attack Means An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive; intentional or unintentional; and direct or indirect. TRUE FALSE.
Indirect attack Means Security mechanisms; policies; or procedures that can successfully counter attacks; reduce risk; resolve vulnerabilities TRUE FALSE.
Control; safeguard; or countermeasure Means It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat. TRUE FALSE.
Exploit Means A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. TRUE FALSE.
Exposure Means A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker TRUE FALSE.
Threat agent Means An occurrence of an event caused by a threat agent. TRUE FALSE.
Threat event Means The specific instance or a component of a threat. TRUE FALSE.
Threat source Means A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.” TRUE FALSE.
Vulnerability Means A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system TRUE FALSE.
Accuracy Means An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. TRUE FALSE.
Authenticity Means An attribute of information that describes how data is free of errors and has the value that the user expects. TRUE FALSE.
Availability Means An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems TRUE FALSE.
Confidentiality Means An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. TRUE FALSE.
Integrity Means A set of information that could uniquely identify an individual TRUE FALSE.
Personally Identifiable Information (PII) Means An attribute of information that describes how data is whole; complete; and uncorrupted. TRUE FALSE.
Utility Means An attribute of information that describes how data has value or usefulness for an end purpose TRUE FALSE.
Information System (IS) Means The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse. TRUE FALSE.
Hardware Means It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices TRUE FALSE.
Data Means Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning we will use the term information to represent both unprocessed data and actual information. TRUE FALSE.
People Means Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program TRUE FALSE.
Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential TRUE FALSE.
Networks Means They are written instructions for accomplishing a specific task. should be disseminated among members of an organization on a need-to-know basis. TRUE FALSE.
Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems. TRUE FALSE.
Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success. TRUE FALSE.
Methodology Means A formal approach to solving a problem based on a structured sequence of procedures. TRUE FALSE.
Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system TRUE FALSE.
Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase; with multiple opportunities to return to previous phases and make adjustments TRUE FALSE.
Logical Design Means In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. TRUE FALSE.
Implementation Means In the implementation phase; any needed software is created. TRUE FALSE.
Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. TRUE FALSE.
Fail-safe defaults Means Base access decisions on permission rather than exclusion. TRUE FALSE.
Complete mediation Means Every access to every object must be checked for authority TRUE FALSE.
Open design Means Where feasible; a protection mechanism should require two keys to unlock; rather than one TRUE FALSE.
Separation of privilege Means The design should not be secret; but rather depend on the possession of keys or passwords. TRUE FALSE.
Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job. TRUE FALSE.
Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users TRUE FALSE.
chief information security officer (CISO) Means Typically considered the top information security officer in an organization. TRUE FALSE.
Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned. TRUE FALSE.
Champion Means A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization TRUE FALSE.
Team leader Means A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements. TRUE FALSE.
Security policy developers Means People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. TRUE FALSE.
Security professionals Means Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. TRUE FALSE.
Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization. TRUE FALSE.
End users Means Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information. TRUE FALSE.
data custDdians Means Those whom the new system will most directly affect. Ideally; a selection of users from various departments; levels; and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard. TRUE FALSE.
Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. TRUE FALSE.
Ethics Means They carry the authority of a governing body TRUE FALSE.
laws Means They are based on cultural mores TRUE FALSE.
Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. TRUE FALSE.
Privacy Means Pieces of nonprivate data that- when combined- may create information that violates privacy. Not to be confused with aggregate information. TRUE FALSE .
Aggregate information Means In the context of information security- the right of individuals or groups to protect themselves and their information from unauthorized access- providing confidentiality. TRUE FALSE.
Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.” TRUE FALSE.
Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes- and works with the U.S. TRUE FALSE.
Payment Card Industry Data Security Standards (PCI DSS) Means It is organization that process payment cards- such as credit cards- debit cards- ATM cards- store-value cards- gift cards- or other related items TRUE FALSE.
goals Means The desired end of a planning cycle. TRUE FALSE.
strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals TRUE FALSE.
objectives Means A plan for the organization’s intended strategic efforts over the next several years. TRUE FALSE.
Tactical planning Means The process of defining and specifying the long-term direction (strategy). TRUE FALSE.
Policies Means The process of tactical planning breaks each strategic goal into a series of incremental objectives. TRUE FALSE.
strategic planning Means They direct how issues should be addressed and how technologies should be used. TRUE FALSE.
Practice Means A detailed statement of what must be done to comply with policysometimes viewed as the rules governing policy compliance. TRUE FALSE.
Standard Means recommendations TRUE FALSE.
guidelines Means recommendations the employee may use as a reference in complying with a policy TRUE FALSE.
Compliance (agreement) Means Step-by-step instructions designed to assist employees in following policies- standards- and guDissemination (distribution) - The organization must be able to demonstrate that the policy has been made readily available for review by the employee (eg.- hard copy and electronic distribution). TRUE FALSE.
Uniform enforcement (fairness in application) Means The organization must be able to demonstrate that the employee understands the requirements and content of the policy (eg.- quizzes and other assessments) TRUE FALSE.
procedures Means The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (eg.- logon banners- which require a specific action to acknowledge agreement). TRUE FALSE.
Comprehension (understanding) Means The organization must be able to demonstrate that the policy has been uniformly enforced- regardless of employee status or assignment. TRUE FALSE.
Information security policy Means Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets TRUE FALSE.
Access control list (ACL) Means Specifications of authorization that govern the rights and privileges of users to a particular information asset TRUE FALSE.
Access control matrix Means An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. TRUE FALSE.
Capabilities table Means A lattice-based access control with rows of attributes associated with a particular subject (such as a user). TRUE FALSE.
Configuration Rule Policies Means Configuring firewalls- intrusion detection and prevention systems (IDPSs)- and proxy servers—use specific configuration scripts that represent the configuration rule policy . TRUE FALSE.
Information security blueprint Means A framework or security model customized to an organization- including implementation details. TRUE FALSE.
Information security framework Means A specification of a model to be followed during the design- selection- and initial and ongoing implementation of all subsequent security controls- including information security policies- security education and training programs- and technological controls. TRUE FALSE.
Spheres of Security Means It illustrate how information is under attack from a variety of sources. It illustrates the ways in which people access information. TRUE FALSE.
Design of Security Architecture (Layers PPT) Means It is designed and implemented policies- people (education- training- and awareness programs)- and technology. TRUE FALSE.
Defense in depth Means A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial- operational- and technical) to provide optimal protection TRUE FALSE.
operational controls Means Information security safeguards that focus on administrative planning- organizing- leading- and controlling- and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management TRUE FALSE.
managerial controls Means Information security safeguards focusing on lowerlevel planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning. TRUE FALSE.
Security Education- Training- and Awareness (SETA) Program Means Information security safeguards that focus on the application of modern technologies- systemsand processes to protect information assets. These safeguards include firewalls- virtual private networks- and IDPSs. TRUE FALSE.
technical controls Means It is a managerial program designed to improve the security of information assets by providing targeted knowledge- skills- and guidance for an organization’s employees. TRUE FALSE.
Business continuity planning (BCP) Means The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing. TRUE FALSE.
Business continuity plan (BC plan) Means The actions taken to develop and implement the BC policy. TRUE FALSE.
Business resumption planning (BRP) Means The actions taken to implement a combined DR and BC policy- and plan. TRUE FALSE.
Contingency planning (CP) Means The actions taken to incident response- disaster recovery- and business continuity efforts- as well as preparatory business impact analysis. It includes incident response planning (IRP)- disaster recovery planning (DRP)- and business continuity planning (BCP) TRUE FALSE.
Contingency planning management team (CPMT) Means It leads all CP efforts. TRUE FALSE.
Disaster recovery plan (DR plan) Means The documented product. It focuses on restoring systems. TRUE FALSE.
Disaster recovery planning (DRP) Means The actions taken TRUE FALSE.
Incident response plan (IR plan) Means The documented product. It focuses on immediate response- but if the attack is there. TRUE FALSE.
Recovery time objective (RTO) Means An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question- “How will it affect us?” TRUE FALSE.
Business impact analysis (BIA) Means The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption- including all impact considerations TRUE FALSE.
Maximum tolerable downtime (MTD) Means The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data). TRUE FALSE.
Recovery point objective (RPO) Means The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources- supported mission/business processes- and the MTD. TRUE FALSE.
Work recovery time (WRT) Means The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered (as identified with RTO). Tasks include testing and validation of the system. TRUE FALSE.
Business Impact Analysis stage2 Means It is important to collect critical information about each business unit before prioritizing the business units. TRUE FALSE.
Business Impact Analysis stage1 Means Identify Resource Requirements. Once the organization has created a prioritized list of its mission and business processes- it needs to determine which resources would be required to recover those processes and associated assets. TRUE FALSE.
Business Impact Analysis stage3 Means Identify Recovery Priorities for System Resources To do so- it needs to understand the information assets used by those processes TRUE FALSE.
Loss of confidentiality Means The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and networkbased). TRUE FALSE.
Incident classification Means Information or information systems become unavailable. TRUE FALSE.
Loss of availability Means Users report corrupt data files- garbage where data should be- or data that looks wrong. TRUE FALSE.
Loss of integrity Means You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed. TRUE FALSE.
Violation of policy Means Organizational policies that address information or information security have been violated. TRUE FALSE.
Violation of law Means The law has been broken- and the organization’s information assets are involved. TRUE FALSE.
Alert roster Means A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process. TRUE FALSE.
Alert message Means A document that contains contact information for people to be notified in the event of an incident. TRUE FALSE.
After-action review Means A detailed examination and discussion of the events that occurred- from first detection to final recovery. TRUE FALSE.
Evidence Means The process of collecting- analyzing- and preserving computerrelated evidence. TRUE FALSE.
Software as a Service (SaaS) Means A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator TRUE FALSE.
Computer forensics Means in which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web. TRUE FALSE.
Platform as a Service (PaaS) Means in which development platforms are available to developers for a fee and are hosted by third parties. TRUE FALSE.
Disaster Recovery as a Service (DRaaS) Means which is informally known as Everything as a Service- provides hardware and operating systems resources to host whatever the organization wants to implement. Again- the service is hosted by a third party for a fee. TRUE FALSE.
Full backup Means One of the newest options available as a specialized disaster recovery. TRUE FALSE.
Infrastructure as a Service (IaaS) Means The duplication of all files that have changed or been added since the last full backup TRUE FALSE.
Disk duplexing Means The duplication of all files for an entire system- including all applications- operating systems components- and data. TRUE FALSE.
Differential backup Means The duplication of only the files that have been modified since the previous incremental backup TRUE FALSE.
Disk mirroring L1 Means An approach to disk mirroring in which each drive has its own controller to provide additional redundancy TRUE FALSE.
Disk striping L0 Means It is where the computer records all data to twin drives simultaneously- providing a backup if the primary drive fails TRUE FALSE.
Incremental backup Means L1- It is where one logical volume is created by storing data across several available hard drives in segments called stripes. TRUE FALSE.
Hot swap Means A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement. TRUE FALSE.
Redundant array of independent disks (RAID) Means A system of drives that stores information across Multiple units to spread out data and minimize the impact of a single drive failure. TRUE FALSE.
Database shadowing Means provided by mirroring entire servers to provide redundant capaA level of redundancy city for services TRUE FALSE.
Server fault tolerance Means A facility that provides only rudimentary serviceswith no computer hardware or peripherals. TRUE FALSE.
Cold site Means A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server. TRUE FALSE.
Warm site Means A fully configured computing facility that includes all servicescommunications links- and physical plant operations. TRUE FALSE.
Hot site Means A facility that provides many of the same services and options as a hot site- but typically without installed and configured software applications. TRUE FALSE.
Bonus Means Bonus TRUE FALSE.
competitive advantage Means That The adoption and implementation of an innovative business model- method- technique- resource- or technology in order to outperform the competition. TRUE FALSE.
risk assessment Means That A determination of the extent to which an organization’s information assets are exposed to risk. TRUE FALSE.
risk identification Means That The application of controls that reduce the risks to an organization’s information assets to an acceptable level. TRUE FALSE .
risk control Means That The recognition- enumeration- and documentation of risks to an organization’s information assets. TRUE FALSE.
risk management Means That The process of identifying risk- assessing its relative magnitude- and taking steps to reduce it to an acceptable level. TRUE FALSE.
residual risk Means That The risk to information assets that remains even after current controls have been applied. TRUE FALSE.
In Asset Identification - People Means That Position name- number- or ID (avoid using people’s names and stick to identifying positions- roles- or functions)- supervisorsecurity clearance level- special skills TRUE FALSE.
Procedures Means That Description- intended purpose- relationship to softwarehardware- and networking elements- storage location for reference- storage location for update TRUE FALSE.
Name Means That Classification- owner- creator- and manager- size of datastructuredata structure used (sequential or relational)- online or offline- location- backup procedures employed. TRUE FALSE.
Data Means That Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers. TRUE FALSE.
IP address Means That This can be a useful identifier for network devices and serversbut it does not usually apply to software. You can- however- use a relational database to track software instances on specific servers or networking devices. TRUE FALSE.
Media access control (MAC) address Means That They are sometimes called electronic serial numbers or hardware addresses. TRUE FALSE.
Element type Means That For hardware- you can develop a list of element typessuch as servers- desktops- networking devices- or test equipment. For software elements- you may develop a list of types that includes operating systems- custom applications by type (accounting- HR- or payroll- for example)- packaged applicationsand specialty applications- such as firewall programs. TRUE FALSE.
Physical location Means That This information falls under asset inventory- which can be performed once the identification process is started. TRUE FALSE.
Threats-vulnerabilitiesassets(TVA) Means That The logical location is most useful for networking devices and indicates the logical network where the device is connected. TRUE FALSE.
Logical location Means That triples Apairing of an asset with a threat and an identification of vulnerabilities that exist between the two. TRUE FALSE.
Loss Frequency Means That Likelihood ? Attack Success Probability TRUE FALSE.
Loss Magnitude Means That Asset Value ? Probable Loss TRUE FALSE.
single loss expectancy (SLE) Means That exposure factor (EF) * asset value (AV) TRUE FALSE.
attack success probability Means That single loss expectancy (SLE) * annualized rate of occurrence (ARO) TRUE FALSE.
annualized loss expectancy (ALE) Means That The number of successful attacks that are expected to occur within a specified time period. TRUE FALSE.
loss frequency Means That The probability that a specific vulnerability within an organization will be the target of an attack. TRUE FALSE.
Likelihood Means That The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range. TRUE FALSE.
transference risk control strategy Means That It attempts to shift risk to other assetsother processes- or other organizations. TRUE FALSE.
termination risk control strategy Means That It indicates the organization is willing to accept the current level of risk. TRUE FALSE.
Acceptance Means That It eliminates all risk associated with an information asset by removing it from service or handling decision points. TRUE FALSE.
access control Means That The selective method by which systems specify who may use a particular resource and how they may use it. TRUE FALSE.
attribute-based access control (ABAC) Means That Specifications of authorization that govern the rights and privileges of users to a particular information asset. TRUE FALSE.
access control list (ACL) Means That An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system TRUE FALSE.
capabilities table Means That In a lattice-based access control- the row of attributes associated with a particular subject (such as a user). TRUE FALSE.
discretionary access controls (DACs) Means That Access controls that are implemented at the discretion or option of the data user. TRUE FALSE.
? lattice-based access control (LBAC) Means That A variation on the MAC form of access control- which assigns users a matrix of authorizations for particular areas of access- incorporating the information assets of subjects such as users and objects. TRUE FALSE.
mandatory access control (MAC) Means That A required- structured data classification scheme that rates each collection of information as well as each user. TRUE FALSE.
nondiscretionary access controls (NDACs) Means That They are implemented by a central authority. TRUE FALSE.
role-based access control (RBAC) Means That An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization- and are inherited when a user is assigned to that role TRUE FALSE.
task-based access control (TBAC) Means That An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. TRUE FALSE.
accountability Means That An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrixwith organizational assets listed in the column headings and users listed in the row headings. TRUE FALSE.
access control matrix Means That The access control mechanism that ensures all actions ona system—authorized or unauthorized—can be attributed to anauthenticated identity. Also known as auditability. TRUE FALSE.
authentication Means That The access control mechanism that requires the validation and verification of an unauthenticated entity’s purportedidentity. TRUE FALSE.
authorization Means That The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels. TRUE FALSE.
Access control Means That It is the method by which systems determine whether and how to admit a user into a trusted area of the organization—that is-information systems- restricted areas such as computer rooms- and the entire physical location. TRUE FALSE.
identification Means That An authentication card that contains digital user data- such as a personal identification number (PIN)- against which user input is compared. TRUE FALSE.
dumb card Means That The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system. TRUE FALSE.
passphrase Means That A plain-language phrase- typically longer than a passwordfrom which a virtual password is derived. TRUE FALSE.
password Means That A secret word or combination of characters that only the user should know- a password is used to authenticate the user TRUE FALSE.
biometric access control Means That An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN. TRUE FALSE.
smart card Means That The use of physiological characteristics to provide authentication for a provided identification TRUE FALSE.
minutiae Means That In biometric access controls- unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created TRUE FALSE.
address restrictions Means That Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device. TRUE FALSE.
dynamic packet-filtering firewall Means That A firewall type that can react to network traffic and create or modify configuration rules to adapt. TRUE FALSE.
firewall Means That In information security- a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network. TRUE FALSE.
application layer proxy firewall Means That A device capable of functioning both as a firewall and an application layer proxy server TRUE FALSE.
demilitarized zone (DMZ) Means That An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside- untrusted network. TRUE FALSE.
proxy server Means That A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server- thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers. TRUE FALSE.
content filter Means That A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example- restricting user access to Web sites from material that is not related to business- such as pornography or entertainment. TRUE FALSE.
data loss prevention Means That A strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network. TRUE FALSE.
virtual private network (VPN) Means That A private- secure network operated over a public and insecure network. TRUE FALSE.
In authentication factors - Something You Know Means That This factor of authentication relies on what the unverified user or system knows and can recall—for example- a assword- passphrase- or other unique authentication code- such as a personal identification number (PIN). TRUE FALSE.
In authentication factors - Something You Have Means That This authentication factor relies on something an unverified user or system has and can produce when necessary. TRUE FALSE.
In authentication factors - Something You Are or Can Produce Means That This relies on individual characteristics- such as fingerprints- palm or prints TRUE FALSE.
intrusion Means That An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations- almost always with the intent to do harm TRUE FALSE.
intrusion detection and prevention system (IDPS) Means That The general term for a system that can both detect and modify its configuration and environment to prevent. TRUE FALSE.
IDPS response technique Means That A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority. TRUE FALSE.
intrusion detection system (IDS) Means That Terminating- Blocking- and Blocking all access TRUE FALSE.
Alarm filtering Means That A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. TRUE FALSE.
Alarm clustering and compaction Means That The process of classifying IDPS alerts so they can be more effectively managed. TRUE FALSE.
Confidence value Means That The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic. TRUE FALSE.
False attack stimulus Means That The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS. TRUE FALSE.
Evasion Means That An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks TRUE FALSE.
False negative Means That The failure of an IDPS to react to an actual attack event. TRUE FALSE.
False positive Means That An alert or alarm that occurs in the absence of an actual attack. TRUE FALSE.
Tuning Means That The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives. TRUE FALSE.
Noise Means That Alarm events that are accurate and noteworthy but do not pose significant threats to information security. TRUE FALSE.
Site policy Means That The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization. TRUE FALSE.
Data Collection Means That In the process of analyzing data and network activityIDPSs can be configured to log data for later analysis. TRUE FALSE.
Attack Deterrence Means That Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would be attackers. TRUE FALSE.
application protocol verification Means That The process of examining and verifying the higher-order protocols (HTTP- FTP- and Telnet) in network traffic for unexpected packet behavior or improper use TRUE FALSE.
host-based IDPS (HIDPS) Means That An IDPS that resides on a particular computer or server- known as the host- and monitors activity only on that system. TRUE FALSE.
monitoring port Means That Also known as a switched port analysis (SPAN) port or mirror port- a specially configured connection on a network device that can view all the traffic that moves through the device. TRUE FALSE.
protocol stack verification Means That The process of examining and verifying network traffic for invalid data packets—that is- packets that are malformed under the rules of the TCP/IP protocol. TRUE FALSE.
sensor Means That A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. TRUE FALSE.
Intrusion detection and prevention typically includes Means That Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session. TRUE FALSE.
anomaly-based detection Means That Also known as behavior-based detection- an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy TRUE FALSE.
clipping level Means That A predefined assessment level that triggers a predetermined response when surpassed. TRUE FALSE.
signature-based detection Means That Also known as knowledge-based detection or misuse detection- the examination of system or network data in search of patterns that match known attack signatures. TRUE FALSE.
stateful protocol analysis (SPA) Means That The comparison of vendorsupplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. TRUE FALSE.
log file monitor (LFM) Means That An attack detection method that reviews the log files generated by computer systems- looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred TRUE FALSE.
security information and event management (SIEM) Means That A software-enabled approach to aggregating- filtering- and managing the reaction to events- many of which are collected by logging activities of IDPSs and network management devices TRUE FALSE.
honeynet Means That A monitored network or network segment that contains multiple honeypot systems. TRUE FALSE.
honeypot Means That An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion. TRUE FALSE.
padded cell system Means That A protected honeypot that cannot be easily compromised. TRUE FALSE.
back hack Means That The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system. TRUE FALSE.
enticement Means That The act of attracting attention to a system by placing tantalizing information in key locations. TRUE FALSE.
pen register Means That The act of luring a person into committing a crime in order to get a conviction. TRUE FALSE.
entrapment Means That An application that records information about outbound communications TRUE FALSE.
attack protocol Means That An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network. TRUE FALSE.
trap-and-trace application Means That A logical sequence of steps or processes used by anattacker to launch an attack against a target system or network. TRUE FALSE.
fingerprinting Means That The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. TRUE FALSE.
footprinting Means That The organized research and investigation of Internet addresses owned or controlled by a target organization. TRUE FALSE.
port scanners Means That It used both by attackers and defenders to identify orfingerprint active computers on a network- the active ports and serviceson those computers- the functions and roles of the machines- and other useful information. TRUE FALSE.
Report abuse Terms of use
HOME
CREATE TEST
COMMENTS
STADISTICS
RECORDS
Author's Tests