Policies
What is CIA?
Confidentiality, Integrity, Accountability
What is NIST?
National Institute of Standards and Technology.
What term refers to Moving a risk to another party?
Transfer
What is Password age?
How long since password was modified
How many categories/risk factors do vulnerability scans show?
5 (critical, high, medium, low, info)
What is a security incident?
A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information.
What is a Sandbox?
Sandboxing is a cybersecurity practice where you run, observe and analyze code in a safe, isolated environment on a network that mimics end-user operating environments.
What term refers to the business taking on risk?
Accept
What is Password expiration?
Password works for a certain amount of time
True/false; Port scanning is a vulnerability scan.
true
What is a disaster recovery plan?
A disaster recovery plan (DR or DRP) is a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events.
Name 3 things that can be prepared for an incident?
Communication Methods, Incident handling hardware and software, incident analysis resources, incident mitigation software, and Policies needed for incident handling.
What term refers to stopping participating in activities?
Avoid
Define term: a database where all passwords are stored
password manager
What is fuzzing?
dynamic analysis; send random input to application
What does AUP stand for and what is it?
Acceptable use policy: a policy that defines what a user can do with the technology provided to them.
What are 3 signs a cyber-attack is underway?
Unusual network activity, unexplained system outages or slowdowns, unexpected account activity, anomalies in log files, and unusual outbound traffic.
What term refers to decreasing risk level?
Mitigate
Define term: authentication without password
passwordless authentication
Where was the first Fuzz generator created?
University of Wisconsin
What is the SDLC and what are the two types?
Software development lifecycle, and the types are agile and waterfall.
What day and time does Microsoft release patches?
Microsoft schedules the release of security updates on "Patch Tuesday," the second Tuesday of each month at 10:00 AM PST.
What is Risk reporting?
Formal documentation that identifies risks/details information of risk.
What is Just-in-time permission?
Granted access for limited time
What is package monitoring?
confirm package/application is legitimate