Card Set Information
It is not possible to spread a virus via a USB stick?
The SYN spoofing attack targets the table of TCP connections on the server
Malicious software aims to...?
trick users into revealing sensitive personal data
Data integrity assures that information and programs are changed only in a specified and authorized manner
Sometimes referred to as the 'infection vector'
the infection mechanism is the means by which a virus spreads or propagates
Developed for commercial applications in which conflicts of interest can arise.
The Chinese Wall Model
When a DoS attack is detected, the first step is to........?
Identify the attack
To prevent XSS attacks
any user-supplied input should be examined and any dangerous code removed or escaped to block its execution
Security classes are referred to as
The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors
is to acquire a Lock on the shared file, ensuring that each process has appropriate access in turn
A regular expression is ??
a pattern composed of a sequence of characters that describe allowable input variants
Classification creep is when
a new document consolidates information from a range of sources and
levels so that some of that information is now classified at a higher
level than it was originally
A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a
Injection attack is ??
Program flaw that occurs when program input data can accidentally or
deliberately influence the flow of execution of the program
Defensive programming is sometimes referred to as
A Stack frame is a structure
where data are usually saved on the stack
Assurance is a process that ensures??
a system is developed and operated as intended by the system's security policy
A circuit-level gateway sets up two TCP connections
one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host
DRM are systems and procedures that ensure
that holders of digital rights are clearly identified and receive stipulated payment for their works
The advantages of the baseline
approach are that it doesn't require the expenditure of additional
resources in conducting a more formal risk assessment and that the same
measures can be replicated over a range of systems
a word, name, symbol or device used in trade with goods to indicate the
source of goods and distinguish these goods from other goods
A network-based IDS does ?
monitors network traffic for particular network segments or devices and
analyzes network, transport, and application protocols to identify
Risk acceptance is
choosing to accept a risk level greater than normal for business reasons
Patent grants ??
property rights to the inventor
Service control determines
the types of Internet services that can be accessed, inbound or outbound
A Class is
a collection of requirements that share a common focus or intent
A ciphertext is
the scrambled message produced as output
A replay attack
Involves an adversary repeating a previously captured user response
the granting of a right or permission to a system entity to access a system resource
The most important symmetric algorithms
all of which are block ciphers, are the DES, triple DES, and the AES
refers to setting a maximum number with respect to roles
A digital signature is
created by using a secure hash function to generate a hash value for a
message and then encrypting the hash code with a private key
Hand geometry systems
identify features of the hand, including shape, and lengths and widths of fingers
The user education strategy is
when users are told the importance of using hard-to-guess passwords and provided with guidelines for selecting strong passwords
The decryption algorithm is
the encryption algorithm run in reverse