CompTIA Security + Ch 10
Weaknesses in your network design and individual host configuration.
The identification, assessment, and prioritization of risks and the mitigating and monitoring of those risks.
The possibility of a malicious attack or other threat causing damage or downtime to a computer system.
Information Assurance (IA)
The practice of managing risks that are related to computer hardware and software systems.
The risk that is left over after a security and disaster recovery plan have been implemented.
The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.
Qualitative Risk Assessment
An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.
Quantitative Risk Assessment
An assessment that measures risk by using exact monetary values.
When a risk is reduced or eliminated altogether.
The transfer or outsourcing of risk to a third party. Also known as risk sharing.
When an organization avoids risk because the risk factor is too great.
When an organization mitigates risk to an acceptable level.
The amount of risk a company is willing to accept. Also known as risk retention.
The practice of finding and mitigating software vulnerabilities in computers and networks.
Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.
A method of evaluating the security of a system by simulating one or more attacks on that system.
Open Vulnerability and Assessment Language (OVAL)
A standard and programming language designed to standardize the transfer of secure public information across networks and the Internet.
The study of physical and logical connectivity of networks.
The act of scanning for weaknesses in the network and individual systems.
Software used to decipher which ports are open on a host.
Software tool used to capture and analyze packets.
Software tool used to recover passwords from hosts or to discover weak passwords.
A password attack that uses a prearranged list of likely words, trying each of them one at a time.
Brute Force Attack
A password attack where every possible password is attempted.
A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.
In password cracking, a set of precalculated encrypted passwords located in a lookup table.
The randomization of the hashing process to defend against cryptanalysis password attacks and Rainbow Tables.