Match term to definition
1-109 of 109
Select a term to match it with its definition
Involves sending forged requests to a large number of computers that will reply to the
requests. The source IP address is spoofed to that of the targeted victim.
Give this one a go later!
Reflected Attack
,Is also known as zero-knowledge testing. This refers to a test where the penetration tester is
not given any information and the target organization is not given any warning—both parties
are "blind" to the test. This is the best scenario for testing response capability because the
target will react as if the attack were real.
Give this one a go later!
Double Blind Penetration Testing
Strong leadership, direction and commitment by senior management on security training is
needed. This commitment should be supported with a comprehensive program of formal
security awareness training. Security awareness training should focus on common user
security concerns - such as password selection, appropriate use of computing resources,
email and web browsing safety and social engineering.
Give this one a go later!
Security training
They attempt to prevent an incident. Ex. A sign that warns a person about a dangerous
condition
Give this one a go later!
Proactive Controls (Safeguards)
,Logical access control filters used to validate access credentials that cannot be controlled or
modified by normal users or data owners. Could be carried out by comparing the sensitivity
of the information resources, kept on user-unmodifiable tag attached to the security object
with the security clearance of the accessing entity such as a user or an application. Only
administrators may make decisions that are derived from policy. Only admins can change the
category of a resource, and no one may grant a right of access that is explicitly forbidden in
the access control policy. Anything that is not expressly permitted is forbidden.
Give this one a go later!
Mandatory Access Control
Occurs when misconfigured network devices allow packets to be sent to all hosts on a
particular network via the broadcast address of the network
Give this one a go later!
Smurf Attack
Planning - management approval, deliverables
Reconnaissance/discovery - network mapping
Attacks
Reporting - simultaneously occurs with the prior 3 phases
Give this one a go later!
, Phases of Penetration Testing
Apply an extinguishing agent directly onto a fire (usually a two dimensional area) or into the
three dimensional region immediately surrounding the substance or object on fire. The main
difference between local application and total flooding designs is the absence of physical
barriers enclosing the fire space in the local application design.
Give this one a go later!
Local Application
The proportion of people who fail to be enrolled successfully
Give this one a go later!
Failure to Enroll Rate
The three key elements are opportunity, motivation and rationalization.
Give this one a go later!
Fraud Triangle
1-109 of 109
Select a term to match it with its definition
Involves sending forged requests to a large number of computers that will reply to the
requests. The source IP address is spoofed to that of the targeted victim.
Give this one a go later!
Reflected Attack
,Is also known as zero-knowledge testing. This refers to a test where the penetration tester is
not given any information and the target organization is not given any warning—both parties
are "blind" to the test. This is the best scenario for testing response capability because the
target will react as if the attack were real.
Give this one a go later!
Double Blind Penetration Testing
Strong leadership, direction and commitment by senior management on security training is
needed. This commitment should be supported with a comprehensive program of formal
security awareness training. Security awareness training should focus on common user
security concerns - such as password selection, appropriate use of computing resources,
email and web browsing safety and social engineering.
Give this one a go later!
Security training
They attempt to prevent an incident. Ex. A sign that warns a person about a dangerous
condition
Give this one a go later!
Proactive Controls (Safeguards)
,Logical access control filters used to validate access credentials that cannot be controlled or
modified by normal users or data owners. Could be carried out by comparing the sensitivity
of the information resources, kept on user-unmodifiable tag attached to the security object
with the security clearance of the accessing entity such as a user or an application. Only
administrators may make decisions that are derived from policy. Only admins can change the
category of a resource, and no one may grant a right of access that is explicitly forbidden in
the access control policy. Anything that is not expressly permitted is forbidden.
Give this one a go later!
Mandatory Access Control
Occurs when misconfigured network devices allow packets to be sent to all hosts on a
particular network via the broadcast address of the network
Give this one a go later!
Smurf Attack
Planning - management approval, deliverables
Reconnaissance/discovery - network mapping
Attacks
Reporting - simultaneously occurs with the prior 3 phases
Give this one a go later!
, Phases of Penetration Testing
Apply an extinguishing agent directly onto a fire (usually a two dimensional area) or into the
three dimensional region immediately surrounding the substance or object on fire. The main
difference between local application and total flooding designs is the absence of physical
barriers enclosing the fire space in the local application design.
Give this one a go later!
Local Application
The proportion of people who fail to be enrolled successfully
Give this one a go later!
Failure to Enroll Rate
The three key elements are opportunity, motivation and rationalization.
Give this one a go later!
Fraud Triangle
