CompTIA Security + Ch 10

Card Set Information

CompTIA Security + Ch 10
2012-06-27 12:24:12

Flash Cards
Show Answers:

  1. Vulnerability
    Weaknesses in your network design and individual host configuration.
  2. Risk Management
    The identtifiaction, assessment, and prioritization of risks and the mitigating and monitoring of those risks.
  3. Risk
    The possibility of a malicious attack or other threat causing damage or downtine to a computer system.
  4. Information Assurance (IA)
    The practice of managing risks that are related to computer hardware and software systems.
  5. Residual Risk
    The risk that is left over afert a security and disaster recovery plan have been implemented.
  6. Risk Assesment
    The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.
  7. Qualitative Risk Assessment
    An assessment that assaigns numeric values to the probability of a risk and the impact it can have o the system or network.
  8. Quantitive Risk Assessment
    An assessment that measures risk by using exact monetary values.
  9. Risk Mitigation
    When a risk id reduced or eliminated altogether.
  10. Risk Transference
    The transfer or outsourcing of risk to a third party. Also known as risk sharing.
  11. Risk Avoidance
    When a organization avoids risk because the risk factor is too great.
  12. Risk Reduction
    When a organization mitigates risk to an acceptable level.
  13. Risk Acceptance
    The amount of risk a company is willing to accept. Also known as risk retention.
  14. Vulnerability Management
    The practice of finding and mitigating software vulnersbilities in computers and networks.
  15. Vulnerability Assessment
    Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.
  16. Penetraction Testing
    A method of evaluating the security of asystem by simulating one or more attacks on that system.
  17. Open Vulnerability and Assessment Language (OVAL)
    A standard and programming language designed to standardize the transfer of secure public information across networks and the Internet.
  18. Network Mapping
    The study of physical and logical connectivity of networks.
  19. Vulnerablity Scanning
    The act of scanning for weaknesses in hte network and individual systems.
  20. Port Scanner
    Software used to decipher which ports are open on a host.
  21. Protocol Analyzer
    Software tool used to capture and analyze packets.
  22. Password Cracker
    Software tool used to recover passwords from hosts or to discover weak passwords.
  23. Dictionary Attack
    A password attack that uses a rearranged list of likely words, trying each of them one at a time.
  24. Brute Force Attack
    A password attack where every possible password is attempted.
  25. Cryptanalysis Attack
    A password attack uses a considerable set of precalcualted encrypted passwords located in a lookup table.
  26. Rainbow Tables
    In password cracking, a set of precalculated encrypted passwords located in a lookup table.
  27. Salting
    The randomization of the hashing process to defend against cryptanalysis password attacks and Rainbow Tables.