IT6205A - Information Assurance & Security I
Facts that can be recorded and that
have implicit meaning. |
data |
A computerized
system that permits users to create and maintain a database. |
database management system |
Database System
automatically takes care of backup and recovery. |
True |
Internal Level describes
the physical storage structure of the database. |
True |
Controlling
Redundancy is used to improve the performance of queries. |
True |
Data Manipulation
Language is used for manipulating data in a database. |
True |
Describes how
entities are related. |
relationships |
People whose jobs
require access to the database for querying, updating, and generating reports |
end users |
The database and
the DBMS software together are called a |
database system |
Who is responsible
for administering the primary and secondary resources in the database? |
database administrator |
It is a question or
an inquiry, sometimes loosely used for all types of interactions with
databases |
query |
An attribute is a name
for a set of similar things that you can list, such as objects, events or people. |
False |
Data abstraction is
the data type, relationships and constraints that apply to the data. |
False |
It is between
high-level and low-level data models. |
implementation data models |
A physical data
model is a concept that shows how the data is stored on the computer. |
True |
Data model is a
collection of concepts that is used to describe the structure of a database. |
True |
There’s no
difference between the description of database and the database itself. |
False |
It is a collection
of related data. |
database |
A displayed schema
is called Schema figure. |
False |
They are responsible for
identifying the data to be stored in the database and for choosing
appropriate structures to represent and store this data |
database designers |
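The database cards above contrast the description of a database (its schema) with the database itself, cover relationships between entities, controlling redundancy, and the Data Manipulation Language. The following Python/SQLite script is an added example, not part of the original quiz; the tables, sample rows and the injection payload are constructed for illustration. It shows the schema living in the catalog while INSERTs change the state, a relationship expressed as a foreign key that keeps the department name stored once, the DBMS enforcing that relationship, and the security caveat a practitioner wants next to any DML card: a query built by string concatenation lets a caller's text become SQL, shown beside the parameterised form.

```python
import sqlite3

# Constructed sample data for this example (not from the quiz).
SAMPLE_DEPARTMENTS = [(10, "Security"), (20, "Database")]
SAMPLE_EMPLOYEES = [(1, "Alice", 10), (2, "Bob", 20), (3, "Carol", 10)]


def build_database():
    """Create an in-memory SQLite database.

    The CREATE TABLE statements (DDL) record the description of the
    database, its schema, in the catalog. The INSERTs (DML) change the
    state of the database. The department name is stored once and
    referenced by dept_id, which is how the relationship controls
    redundancy instead of repeating the name in every employee row.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # let the DBMS enforce the relationship
    conn.executescript("""
        CREATE TABLE department (
            dept_id INTEGER PRIMARY KEY,
            name    TEXT NOT NULL UNIQUE
        );
        CREATE TABLE employee (
            emp_id  INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            dept_id INTEGER NOT NULL REFERENCES department(dept_id)
        );
    """)
    conn.executemany("INSERT INTO department VALUES (?, ?)", SAMPLE_DEPARTMENTS)
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", SAMPLE_EMPLOYEES)
    conn.commit()
    return conn


def schema_description(conn):
    """The schema (intension) as the catalog stores it: table name -> DDL text."""
    rows = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' ORDER BY name"
    ).fetchall()
    return {name: sql for name, sql in rows}


def database_state(conn):
    """The current state (extension): row count per table.

    Table names come from the catalog, not from user input, so
    interpolating them into the statement is safe here.
    """
    return {
        table: conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
        for table in schema_description(conn)
    }


_LOOKUP = (
    "SELECT e.name FROM employee e JOIN department d ON e.dept_id = d.dept_id "
    "WHERE d.name = {} ORDER BY e.name"
)


def employees_in_department_unsafe(conn, dept_name):
    """DML built by string concatenation: the caller's text becomes SQL."""
    query = _LOOKUP.format("'" + dept_name + "'")
    return [row[0] for row in conn.execute(query)]


def employees_in_department(conn, dept_name):
    """The same DML with a bound parameter: the caller's text stays data."""
    query = _LOOKUP.format("?")
    return [row[0] for row in conn.execute(query, (dept_name,))]


def referential_integrity_enforced(conn):
    """An employee in a department that does not exist is rejected by the DBMS."""
    try:
        conn.execute("INSERT INTO employee VALUES (?, ?, ?)", (99, "Mallory", 30))
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    db = build_database()
    print("schema:", list(schema_description(db)))
    print("state:", database_state(db))
    payload = "x' OR '1'='1"
    print("unsafe lookup with payload:", employees_in_department_unsafe(db, payload))
    print("parameterised lookup with payload:", employees_in_department(db, payload))
```

With the constructed payload the concatenated query returns every employee, while the parameterised query returns nothing, because the DBMS compares the whole string against the department name instead of parsing it.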
Acceptance,
avoidance, mitigation, transfer are with respect to a specific risk for a
specific party. |
The risk treatment |
Risks not avoided
or transferred are retained by the organization. |
Risk Acceptance |
Not performing an
activity that would incur risk. |
Risk Avoidance |
Are the security
features of a system that provide enforcement of a security policy. |
Trust mechanism |
Seven Stages of
lifecycle model |
Requirements, Design, Coding,
Testing, Deployment, Production and Decommission |
Taking actions to
reduce the losses due to a risk; many technical countermeasures fall into
this category. |
Risk mitigation |
Risk Management
Procedure consists of six steps. |
Assess assets, Assess threats,
Assess vulnerabilities, Assess risks, Prioritize countermeasure options and
Make risk management decisions |
Is a generic term
that implies a mechanism in place to provide a basis for confidence in the
reliability/security of the system. |
Trust |
Shift the risk to
someone else. |
Risk Transfer |
Research, target
identification and selection: it may be looking for e-mail addresses, social
relationships, or data about a particular technology, information displayed
on various websites; |
Reconnaissance |
These actions
typically consist of collecting information, modifying data integrity, or
attacking the availability of services and devices, but the victim system can
also be used as a starting point for infecting other systems or for expanding
access to the local network. |
Action on objective |
Infecting a victim
system with a computer trojan, backdoor or other malware application of this
type that ensures the attacker’s presence in the target environment; |
Installation |
After the first six
phases, an attacker can act to achieve the goals. These actions typically
consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used
as a starting point for infecting other systems or for expanding access to
the local network. |
Action on Objective |
Acronym for TCB? |
Trusted Computing Base |
After the weapon is
delivered to the victim, the attacker targets an application or an operating
system vulnerability. The infected file can be launched by a self-execution
facility, or it can be executed by the user; |
Exploitation |
True or false:
Using encrypted versions of protocols when sensitive information is
exchanged, so as to ensure data confidentiality and prevent identity theft, is
one of the basic steps in storing personal data. |
True |
Failure of the
mechanism may destroy the basis for trust. |
Trust |
Is the process by
which an asset is managed from its arrival or creation to its termination or
destruction. |
Lifecycle |
True or false:
An additional risk occurs when personal information is stored in
client accounts on commercial websites, which may become the target of
cyber-attacks at any time, so the stored data becomes vulnerable; this is one
of the basic considerations in storing personal data. |
True |
Physical security
consists of enclosing IT equipment in a dedicated space and providing
access control. |
Prevent Cyber-Attacks |
The infected file
can be used by the self-execution facility to launch the malware code, or it
can be executed by the user himself; |
Exploitation |
Is a collection of
all the trust mechanisms of a computer system which collectively enforce the
policy. |
TCB |
Usually an infected
host must be able to reach outside the local network to establish a command
and control channel between the victim and the attacker. Once this
bidirectional communication is established, the attacker has access inside the
target environment and can usually control the activity by manually launching
commands; |
Command and Control |
Making a malware
application (for example, a computer trojan) that, combined with an
exploitable vulnerability, allows remote access. PDF (Portable Document
Format) files or Microsoft Office files can also be regarded as weapons
available to the attacker; |
Weaponization |
Is a measure of
confidence that the security features, practices, procedures, and
architecture of a system accurately mediate and enforce the security
policy. |
Assurance |
True or false:
Encrypting all personal information when it is saved on different storage
media is one of the basic steps in storing personal data. |
True |
Risk Management
Procedure consists of six steps. |
Assess assets, Assess threats,
Assess vulnerabilities, Assess risks, Prioritize countermeasure options and
Make risk management decisions |
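The six-step procedure above (assess assets, threats, vulnerabilities and risks, then prioritize countermeasure options and make risk management decisions) carried through end to end, as an added Python example that is not code from the original page. The risk register, the ordinal 1 to 5 scales, the cost units and the reduction fractions are constructed assumptions chosen to make the flow visible: scores rank risks, reduction bought per unit of cost ranks options, a budget decides what gets funded, and any risk left without a funded option is retained, which is the risk acceptance card above. All four treatments from the risk treatment card (mitigation, avoidance, transfer, acceptance) appear in the output.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One entry of a risk register; the numbers are the outputs of steps 1 to 3."""
    risk_id: str
    asset: str
    asset_value: int     # step 1, assess assets: 1 (low) .. 5 (critical), assumed scale
    threat: str
    likelihood: int      # step 2, assess threats: 1 (rare) .. 5 (frequent), assumed scale
    vulnerability: str
    severity: int        # step 3, assess vulnerabilities: 1 (minor) .. 5 (severe), assumed scale

    def score(self) -> int:
        """Step 4, assess risks. An ordinal product is assumed here;
        any consistent scale would do for ranking."""
        return self.asset_value * self.likelihood * self.severity


@dataclass(frozen=True)
class Countermeasure:
    name: str
    risk_id: str
    treatment: str       # "mitigation", "avoidance" or "transfer"
    cost: int            # relative cost units (constructed)
    reduction: float     # fraction of the risk score it removes (constructed)


# Constructed register and options (illustrative values, not from the page).
REGISTER = [
    Risk("R1", "customer database", 5, "SQL injection", 4, "unvalidated input", 5),
    Risk("R2", "office laptops", 3, "theft", 3, "unencrypted disk", 4),
    Risk("R3", "legacy FTP server", 2, "credential sniffing", 4, "cleartext protocol", 3),
]
OPTIONS = [
    Countermeasure("parameterised queries and input validation", "R1", "mitigation", 20, 0.9),
    Countermeasure("web application firewall", "R1", "mitigation", 50, 0.5),
    Countermeasure("breach insurance", "R1", "transfer", 15, 0.3),
    Countermeasure("full-disk encryption", "R2", "mitigation", 10, 0.8),
    Countermeasure("decommission the FTP server", "R3", "avoidance", 5, 1.0),
]


def assess_risks(register):
    """Step 4: rank the register by risk score, highest first."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def prioritize_countermeasures(register, options):
    """Step 5: rank options by risk reduction bought per unit of cost."""
    score_by_id = {r.risk_id: r.score() for r in register}
    return sorted(
        options,
        key=lambda cm: score_by_id[cm.risk_id] * cm.reduction / cm.cost,
        reverse=True,
    )


def make_decisions(register, options, budget):
    """Step 6: fund options in priority order while the budget allows.

    Returns risk_id -> (treatment, residual score, funded option names).
    A risk that gets no funded option is retained: risk acceptance.
    When several options are funded for one risk, the treatment label is
    that of the highest-priority one and the reductions compound.
    """
    remaining = budget
    funded = {}
    for cm in prioritize_countermeasures(register, options):
        if cm.cost <= remaining:
            remaining -= cm.cost
            funded.setdefault(cm.risk_id, []).append(cm)

    decisions = {}
    for risk in register:
        applied = funded.get(risk.risk_id, [])
        residual = float(risk.score())
        for cm in applied:
            residual *= 1.0 - cm.reduction
        treatment = applied[0].treatment if applied else "acceptance"
        decisions[risk.risk_id] = (treatment, round(residual, 2), [cm.name for cm in applied])
    return decisions


if __name__ == "__main__":
    for risk_id, (treatment, residual, names) in make_decisions(REGISTER, OPTIONS, budget=40).items():
        print(f"{risk_id}: {treatment:<10} residual={residual:<6} via {names}")
```

Running it with a budget of 40 funds the FTP decommissioning, the query hardening and the disk encryption; the firewall and the insurance stay unfunded. Dropping the budget to 10 leaves only the avoidance option affordable, and R1 and R2 are then recorded as accepted with their full score as residual risk, which is exactly the decision a register should make visible rather than hide.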
Transmitting the
weapon to the target environment. |
Delivery |
Once this
bidirectional communication has been made, an attacker has access inside the
target environment and can usually control the activity by manually launching
commands; |
command and control |
The main ways of
transport are e-mails (attachment of infected files), web platforms (running
malware scripts), or removable USB drives; |
Delivery |
Logical security
consists of the software needed to control access to the information
and services of a system. The logical level is divided into two categories:
the access security level and the service security level. |
Prevent Cyber-Attacks |
True or false:
Storing the minimum required data online and exercising maximum discretion in
providing it to third parties (users, companies) is one of the basic steps in
storing personal data. |
True |
True or false:
The use of complex, unique, hard to guess or break passwords,
consisting of numbers, upper/lower case letters and special characters, is
one of the basic steps in storing personal data. |
True |
What are the steps
in the intrusion model? |
Recon, Weaponise, Deliver,
Exploit, Install, C2 and Action |
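The intrusion model cards above end with the attacker manually issuing commands over a command and control channel from an infected host that can reach outside the local network. An implanted backdoor (the Installation phase) usually polls its operator on a timer, so the C2 phase is detectable as a regular outbound rhythm from one internal host to one external address. The script below is an added example, not part of the original page: it runs a simple beacon detector over a constructed outbound-connection log. The addresses are RFC 5737 documentation ranges, and the minimum connection count and regularity threshold are assumptions to tune per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection log for this example: timestamp, internal
# source, external destination:port, bytes sent. Not real traffic.
LOG_LINES = [
    "2024-03-01T09:00:00 10.0.0.5 203.0.113.7:443 512",
    "2024-03-01T09:00:11 10.0.0.5 198.51.100.9:443 2048",
    "2024-03-01T09:01:00 10.0.0.5 203.0.113.7:443 520",
    "2024-03-01T09:02:01 10.0.0.5 203.0.113.7:443 515",
    "2024-03-01T09:03:00 10.0.0.5 203.0.113.7:443 512",
    "2024-03-01T09:03:42 10.0.0.8 198.51.100.9:443 90210",
    "2024-03-01T09:04:00 10.0.0.5 203.0.113.7:443 518",
    "2024-03-01T09:05:01 10.0.0.5 203.0.113.7:443 512",
    "2024-03-01T09:07:15 10.0.0.8 198.51.100.9:443 1200",
    "2024-03-01T09:12:40 10.0.0.8 198.51.100.9:443 3400",
]


def parse_line(line):
    """Split one log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def detect_beacons(lines, min_connections=4, max_cv=0.1):
    """Flag (src, dst) pairs whose connection intervals are near-constant.

    A backdoor that has been installed typically polls its operator on a
    timer, so the Command and Control phase shows up as a regular outbound
    rhythm from an internal host to one external address. The coefficient
    of variation (population stdev / mean) of the inter-connection
    intervals is the regularity measure; both thresholds are assumptions.
    """
    by_pair = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse_line(line)
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few observations to call it a rhythm
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(intervals)
        if mean == 0:
            continue  # duplicate timestamps, not a beacon rhythm
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            hits.append({
                "src": src,
                "dst": dst,
                "count": len(times),
                "mean_interval": round(mean, 2),
                "cv": round(cv, 4),
            })
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in detect_beacons(LOG_LINES):
        print(f"possible C2 beacon: {hit['src']} -> {hit['dst']} "
              f"every ~{hit['mean_interval']}s ({hit['count']} connections)")
```

On the constructed log only 10.0.0.5 to 203.0.113.7:443 is flagged: six connections about sixty seconds apart with almost no jitter. The bursty traffic from 10.0.0.8 is ignored at the default thresholds and only appears if the regularity threshold is loosened, which is the tuning trade-off a detection engineer makes between catching jittered beacons and flagging ordinary periodic software updates.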