CISA Exam 533 Questions with Verified Answers 2021, 100% CORRECT
Acceptance Testing - CORRECT ANSWER Testing to see whether products meet requirements specified in contract or by user.
Access - CORRECT ANSWER A specific type of interaction between a subject and an object that results in the flow of information from one to the other. A subject's right to use an object.
Access Control - CORRECT ANSWER Aka controlled access & limited access. (1) Process of limiting access to resources of a system only to authorized programs, processes or other systems (in a network). (2) Enable authorized use of a resource while preventing unauthorized use.
Access Control List - CORRECT ANSWER List of subjects permitted to access an object & access rights of each subject.
Access Control Mechanism - CORRECT ANSWER Hardware or software features, operating procedures, management procedures, & various combinations of these designed to prevent / detect unauthorized access & to permit authorized access in an automated system.
Accessibility - CORRECT ANSWER Obtain use of a computer system or a resource, or ability & means necessary to store data, retrieve data, or communicate with a system.
Accountability - CORRECT ANSWER (1) property that enables activities on a system to be traced to individuals who may then be held responsible for their actions. (2) security goal that generates req for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection & prevention, & after-action recovery & legal action.
Accreditation - CORRECT ANSWER (1) Management's formal acceptance of adequacy of a computer system's security. (2) Authorize operation of an info system & to explicitly accept risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on implementation of agreed-upon set of security controls.
Accuracy - CORRECT ANSWER A qualitative assessment of correctness, or freedom from error.
Acquisition Plan - CORRECT ANSWER Doc that records management's decisions, contains requirements, provides appropriate analysis of technical options & life cycle plans for development, production, training, & support of material items.
Active Attack (& Ex) - CORRECT ANSWER Attack on authentication protocol where attacker transmits data to claimant or verifier. Examples of active attacks include a man-in-the-middle, impersonation, & session hijacking.
Active Content - CORRECT ANSWER (1) Web pages which contain references to programs which are downloaded & executed automatically by web browsers. (2) Electronic documents that are able to carry out or trigger actions automatically on a computer platform without intervention of a user. Allows mobile code associated with a document to execute as rendered.
Active Wiretapping - CORRECT ANSWER attaching of an unauthorized device, such as a computer terminal, to a communications circuit for purpose of obtaining access to computer data through generation of false messages or control signals, or by altering communications of legitimate users.
ActiveX - CORRECT ANSWER A loosely defined set of technologies developed by Microsoft. Outgrowth of 2 other Microsoft technologies called OLE (Object Linking & Embedding) & COM (Component Object Model). As a moniker, ActiveX can be very confusing because it applies to a whole set of COM-based technologies. Most people think only of ActiveX controls, which represent a specific way of implementing ActiveX technologies.
Add-on Security - CORRECT ANSWER retrofitting of protection mechanisms, implemented by hardware or software, after computer system has become operational.
Address - CORRECT ANSWER sequence of bits or characters that identifies destination & source of a transmission.
Advanced Encryption Standard (AES) - CORRECT ANSWER U.S. govt-approved cryptographic algorithm that can be used to protect electronic data. It is a symmetric block cipher that can encrypt (encipher) & decrypt (decipher) info; capable of using cryptographic keys of 128, 192, & 256 bits to encrypt & decrypt data in blocks of 128 bits. AES is an encryption algorithm for securing sensitive but unclassified material.
Alignment - CORRECT ANSWER Degree of agreement, conformance, & consistency among organizational purpose, mission, vision, & values; structures, systems, & processes; & individual values, skills, & behaviors.
Analog Signal - CORRECT ANSWER Continuous electrical signal whose amplitude varies in direct correlation with original input.
Analysis of Alternatives - CORRECT ANSWER Process of determining how an organization's info needs will be met. It is an analysis to compare & evaluate costs & benefits of various alternatives for meeting a req for purpose of selecting alternative that is most advantageous to organization.
Anomaly - CORRECT ANSWER Condition which departs from expected. This expectation can come from documentation (e.g., requirements specifications, design documents, user documents) or from perceptions or experiences. An anomaly is not necessarily a problem in software, but a deviation from expected, so that errors, defects, faults, & failures are considered anomalies.
Application - CORRECT ANSWER computer program designed to perform specific functions, such as inventory control, scheduling, & payroll.
Application Controls - CORRECT ANSWER related to individual application systems, which help ensure that transactions are valid, complete, authorized, processed, & reported.
Application Generator - CORRECT ANSWER A type of tool that uses software designs &/or requirements to generate entire software applications automatically, including program source code & program control statements.
Application Service Provider (ASP) - CORRECT ANSWER A firm providing online business application systems to customers for a fee.
Application Software - CORRECT ANSWER Programs that perform specific tasks, such as word processing, database management, or payroll. Software that interacts directly with some non-software system (e.g., human, robot, etc.).
Application-Level Gateway (ALG) - CORRECT ANSWER Application-specific translation agents that allow an application (like VoIP Voice over Internet Protocol) on a host in one address realm to connect to its counterpart running on a host in different realm transparently. An ALG may interact with NAT Network Address Translation to set up state, use NAT state info, modify application specific payload, & perform whatever else is necessary to get application running across disparate address realms.
Appraisal Costs - CORRECT ANSWER Costs associated with measuring, evaluating, or auditing products to assure conformance with quality standards & performance requirements.
Architecture - CORRECT ANSWER A description of all functional activities to be performed to achieve desired mission, system elements needed to perform functions, & designation of performance levels of those system elements. Also includes info on technologies, interfaces, & location of functions & is considered an evolving description of an approach to achieving a desired mission.
Assembler - CORRECT ANSWER a computer program that translates program instructions written in assembly language into machine language that computers can understand.
Assertion - CORRECT ANSWER statement from a verifier to a relying party that contains identity info about a subscriber. Assertions may also contain verified attributes. Assertions may be digitally signed objects or they may be obtained from a trusted source by a secure protocol.
Asset - CORRECT ANSWER Information resources that support an organization's mission.
Assurance - CORRECT ANSWER One of the 5 security goals. 1. Confidence that a computer system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied.
Adequacy of a computer system includes what characteristics - CORRECT ANSWER "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), & (3) sufficient resistance to intentional penetration or by-pass.
Asymmetric Keys - CORRECT ANSWER Two related keys, a public key & a private key that are used to perform complementary operations, such as encryption & decryption or signature generation & signature verification.
Asynchronous Transfer Mode - CORRECT ANSWER A fast-packet technology that was developed for use in area networks using fixed-length cells. It appears to be best alternative for multimedia applications where data are mixed with voice, images, or full-motion video.
Atomicity - CORRECT ANSWER Atomicity means that an online or distributed transaction is considered to be either complete or incomplete. transaction cannot be partially complete & left in an uncertain state.
Attack - CORRECT ANSWER (1) act of trying to bypass security controls on a system. An attack may be active, resulting in alteration of data, or passive, resulting in release of data. (2) An attempt to obtain a subscriber's token or to fool a verifier into believing that an unauthorized individual possesses a claimant's token.
Attacker - CORRECT ANSWER A party who is not claimant or verifier but wishes to successfully execute authentication protocol as a claimant.
Attribute - CORRECT ANSWER A characteristic that describes a person, thing, or event. An inherent quality that an item either has or does not have.
Attribute Sampling - CORRECT ANSWER selected sampling units are measured or evaluated in terms of whether they have attribute of interest, & some statistical measure (statistic) is computed from these measurements to estimate proportion of population that has attribute.
Attributes - CORRECT ANSWER Properties of an entity. An entity is said to be described by its attributes. In a database, attributes of an entity have their analogues in fields of a record. In an object database, instance variables may be considered attributes of object.
Audit Trail - CORRECT ANSWER 1. A chronological record of system activities that is sufficient to enable reconstruction, reviewing, & examination of sequence of environments & activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. 2. ability to trace data or transactions from origination to output & back.
Authenticate - CORRECT ANSWER a. To verify identity of a user, device, or other entity in a computer system, often as prerequisite to allowing access to resources in a system. b. To verify integrity of data that have been stored, transmitted or otherwise exposed to possible unauthorized modification.
Authentication - CORRECT ANSWER 1. Providing assurance regarding identity of a subject or object, for example, ensuring that a particular user is who he claims to be. 2. Verifying identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system. 3. process of establishing confidence in user identities.
Authentication Protocol - CORRECT ANSWER A well-specified message exchange process that verifies possession of a token to remotely authenticate a claimant. Some authentication protocols also generate cryptographic keys that are used to protect an entire session so that data transferred in session is cryptographically protected.
Authenticity - CORRECT ANSWER (1) property that data originated from its purported source. (2) property of being genuine & being able to be verified & trusted; confidence in validity of a transmission, a message, or message originator. See authentication.
Authorization - CORRECT ANSWER (1) Determining whether a subject is trusted to act for a given purpose, for example, allowed to read a particular file. (2) granting or denying of access rights to a user, program, or process.
Availability - CORRECT ANSWER (1) probability that a given resource will be usable during a given time period. (2) security goal that generates req for protection against intentional or accidental attempts to: (a) perform unauthorized deletion of data or (b) otherwise cause a denial of service or data. It also refers to timely & reliable access to & use of data & info services for authorized users.
Back Door - CORRECT ANSWER aka Trap Door. A hidden flaw in a system mechanism that can be triggered to circumvent system's security. Aka trap door.
Backup Operations - CORRECT ANSWER Methods for accomplishing essential business tasks subsequent to disruption of a computer facility & for continuing operations until facility is sufficiently restored.
Backup Plan - CORRECT ANSWER aka Contingency/disaster/emergency plan. A plan for emergency response, backup operations, & post-disaster recovery maintained by an activity as a part of its security program that will ensure availability of critical resources & facilitate continuity of operations in an emergency situation.
Backup Procedures - CORRECT ANSWER provisions made for recovery of data files & program libraries, & for restart or replacement of computer equipment after occurrence of a system failure or of a disaster.
Bandwidth - CORRECT ANSWER In communications, difference between highest & lowest frequencies in a given range. In computer networks, greater bandwidth indicates faster data transfer capabilities (i.e., rate at which info can be transmitted in bits/second).
Barometer - CORRECT ANSWER measuring atmospheric pressure, used in weather forecasting & in determining elevation. It gives notice of fluctuations.
Baseline - CORRECT ANSWER A version of software used as a starting point for later versions.
Batch Processing - CORRECT ANSWER Data or transactions are accumulated over a period of time & then processed in a single run.
Bebugging - CORRECT ANSWER Planting errors in computer programs to ensure that all known errors are detected. It determines whether a set of test cases is adequate. Aka error seeding.
Bell & LaPadula Model - CORRECT ANSWER An info-flow security model couched in terms of subjects & objects, based on concept that info shall not flow to an object of lesser or noncomparable classification.
Benchmark - CORRECT ANSWER Tests that verify performance & capabilities of a proposed computer system/new software by using actual or simulated workloads; to improve business processes.
Benchmarking - CORRECT ANSWER structured approach for identifying best practices from industry & govt, & comparing & adapting them to organization's operations. Such an approach is aimed at identifying more efficient & effective processes for achieving intended results & at suggesting ambitious goals for productivity, product/service quality, & process improvement.
Best Practices - CORRECT ANSWER Processes, practices, & systems widely recognized as improving an organization's performance & efficiency; can reduce business expenses & improve organizational efficiency across all functions within an organization.
Bias - CORRECT ANSWER existence of a factor that causes an estimate made on basis of a sample to differ systematically from population parameter being estimated. Bias may originate from poor sample design, deficiencies in carrying out sampling process, or an inherent characteristic of measuring or estimating technique used.
Biba Model - CORRECT ANSWER An integrity model in which no subject may depend on a less trusted object, including another subject.
Binding - CORRECT ANSWER An acknowledgment by a trusted third party that associates an entity's identity with its public key. This may take place through 1. a certification authority's generation of a public key certificate, 2. a security officer's verification of an entity's credentials & placement of entity's public key & identifier in a secure database, or 3. an analogous method.
Biometric - CORRECT ANSWER physiological attribute (e.g., a fingerprint) that may be used to identify an individual. Used to unlock authentication tokens & prevent repudiation of registration.
Black Box Testing - CORRECT ANSWER A method of verifying that software functions perform correctly without examining internal program logic.
Boot Sector - CORRECT ANSWER read as part of system startup, & thus they are loaded into memory when computer first boots up.
Boot Sector Virus - CORRECT ANSWER Located in a specific part of hard disk or floppy disk called boot sector. Once in memory, a boot sector virus can infect any hard disk or floppy accessed by user. In other words, it is a virus that plants itself in a system's boot sector & infects master boot record. Now relatively uncommon.
Boundary Router - CORRECT ANSWER located at organization's boundary to an external network. A boundary router is configured to be a packet filter firewall.
Bridges - CORRECT ANSWER device that connects similar or dissimilar LANs together to form an extended LAN.
Broadband - CORRECT ANSWER refers to telecommunication in which a wide band of frequencies is available to transmit info. Because a wide band of frequencies is available, info can be multiplexed & sent on many different frequencies or channels within band concurrently, allowing more info to be transmitted in a given amount of time (much as more lanes on a highway allow more cars to travel on it at same time).
Broadband Network - CORRECT ANSWER LAN on which transmissions travel as radio frequency signals over separate inbound & outbound channels. Stations on a broadband network are connected by coaxial or fiber-optic cable. It's capable of high-speed operation, but it is more expensive than a baseband network & can be difficult to install. Such a network is based on same technology used by cable television. Aka wideband transmission.
Broadband Network Cable transmission is done by - CORRECT ANSWER Cable itself can be made to carry data, voice, & video simultaneously over multiple transmission channels. This complex transmission is accomplished by technique called frequency-division multiplexing, in which individual channels are separated by frequency & buffered from one another by guard bands of frequencies that are not used for transmission.
Brouters - CORRECT ANSWER routers that can also bridge; they route one or more protocols & bridge all other network traffic.
Brute-Force Attack - CORRECT ANSWER when every possible combination of cryptographic keys, passwords, user IDs, & PINs is tried in an attempt to break into a computer system or network.
Buffer Overflow Attack - CORRECT ANSWER Where more input can be placed into a buffer or data holding area than capacity allocated, overwriting other info. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of system.
Business Case - CORRECT ANSWER structured proposal for business improvement that functions as a decision package for organizational decision makers. Includes an analysis of business process performance & associated needs or problems, proposed alternative solutions, assumptions, constraints, & risk-adjusted cost/benefit analysis.
Business Continuity Plan (BCP) - CORRECT ANSWER documentation of a predetermined set of instructions or procedures that describe how an organization's business functions will be sustained during & after a significant disruption.
Business Impact Analysis (BIA) - CORRECT ANSWER Look at IT system's requirements, processes, & interdependencies used to characterize system contingency requirements & priorities in event of a significant disruption.
Business Process Improvement (BPI) - CORRECT ANSWER continuous, incremental improvements in existing business processes.
Business Process Reengineering (BPR) - CORRECT ANSWER radical changes to business processes.
Callback/call-back - CORRECT ANSWER Aka Dialback. A procedure established for positively identifying a terminal dialing into a computer system by disconnecting calling terminal & reestablishing connection by computer system's dialing telephone number of calling terminal.
Capability Maturity Model (CMM) - CORRECT ANSWER CMM is a five-stage model of how software organizations improve, over time, in their ability to develop software. Knowledge of CMM provides a basis for assessment, comparison, & process improvement. Carnegie Mellon developed CMM.
CASE Tool - CORRECT ANSWER software program that provides partial or total automation of a single function within software life cycle.
Cause-and-effect Diagram - CORRECT ANSWER Used in process analysis where a process or subprocess is examined for possible causes. Later, significant root causes of problem are selected, verified, & corrected.
Centralized Data Processing - CORRECT ANSWER an organization maintains all computing equipment at a single site (host), & supporting field-office(s) have no effective data processing capabilities.
Certificate (or a Public Key Certificate) - CORRECT ANSWER digitally signed data structure defined in X.509 standard that binds identity of a certificate holder (or subject) to a public key.
Certification - CORRECT ANSWER (1) administrative act of approving a computer system for use in a particular application. (2) A comprehensive assessment of management, operational, & technical security controls in an info system, made in support of security accreditation, to determine extent to which controls are implemented correctly, operating as intended, & producing desired outcome with respect to meeting security requirements for system.
Challenge-response - CORRECT ANSWER Authentication procedure that requires calculating a correct response to an unpredictable challenge.
Challenge-Response Protocol - CORRECT ANSWER Where verifier sends claimant a challenge (usually a random value or a nonce) & can independently compute response & compare it with response generated by claimant. If two are same, claimant is considered to have successfully authenticated himself. When shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers.
Change Management - CORRECT ANSWER Activities involved in: 1. defining & instilling new values, attitudes, norms, & behaviors within an organization that support new ways of doing work & overcome resistance to change; 2. building consensus among customers & stakeholders on specific changes designed to better meet their needs; & 3. planning, testing, & implementing all aspects of transition from one organizational structure or business process to another.
Check Sheet - CORRECT ANSWER collecting data in a logical & systematic manner.
Chief Information Officer (CIO) responsibilities - CORRECT ANSWER (1) providing advice & other assistance to head of executive agency & other senior mgmt to ensure that IT is acquired & info resources are managed in a manner that is consistent with laws, executive orders, directives, policies, regulations, & priorities established by head of agency; (2) developing, maintaining, & facilitating implementation of a sound & integrated IT architecture; & (3) promoting effective & efficient design & operation of all major info resources management processes, including improvements to work processes.
Ciphertext / Cipher Text - CORRECT ANSWER result of transforming plaintext with an encryption algorithm. encrypted form of a plaintext message of data. Aka cryptotext.
Claimant - CORRECT ANSWER A party whose identity is to be verified using an authentication protocol.
Clark-Wilson Integrity Model - CORRECT ANSWER approach to providing data integrity for common commercial activities, including software engineering concepts of abstract data types, separation of privilege, allocation of least privilege, & nondiscretionary access control.
Class - CORRECT ANSWER 1. A set of objects that share a common structure & a common behavior. 2. Object type, consisting of instance variables & method definitions; they are templates from which individual objects can be created.
Client-Server Model - CORRECT ANSWER Client (user), whether a person or a computer program, may access authorized services from a server (host) connected on distributed computer system. Services provided include database access, data transport, data processing, printing, graphics, electronic mail, word processing, or any other service available on system; which may be provided by a remote mainframe using long haul communications or within user's workstation in real-time or delayed (batch) transaction mode. Such an open access model is required to permit horizontal & vertical integration.
Cluster Sample - CORRECT ANSWER Simple random sample in which each sampling unit is a collection of elements.
Coaxial Cable - CORRECT ANSWER Two conductors, a center wire inside a cylindrical shield that is grounded. shield is typically made of braided wire & is insulated from center wire. shield minimizes electrical & radio-frequency interference; signals in a coaxial cable do not affect nearby components, & potential interference from these components does not affect signal carried on cable.
Coding - CORRECT ANSWER Creating software used by computer from program flowcharts or pseudocode.
Cold Site - CORRECT ANSWER backup facility that has necessary electrical & physical components of a computer facility but no computer equipment. Ready to receive necessary replacement computer equipment.
Commercial Software - CORRECT ANSWER Available through lease or purchase in commercial market from an organization representing itself to have ownership or marketing rights of software.
Common Gateway Interface (CGI) - CORRECT ANSWER Programs are insecure programs that allow web server to execute an external program when particular uniform resource locators (URLs) are accessed.
Communications Protocol - CORRECT ANSWER Standards designed to enable computers to connect with one another & to exchange info with as little error as possible.
Compiler - CORRECT ANSWER Computer program that translates large sections of source code into object code computer can understand.
Completeness - CORRECT ANSWER software's required functions & design constraints are all present & fully developed in software requirements, software design, & code.
Compromise(d) - CORRECT ANSWER violation of security policy of a system such that unauthorized disclosure of sensitive info may have occurred. unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys & other critical security parameters).
Computer Fraud - CORRECT ANSWER Misrepresentation, alteration, or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in perpetration or cover-up of act or series of acts through improper manipulation of input data; output or results; applications programs; data files; computer operations; communications; or computer hardware, systems software, or firmware.
Computer Virus - CORRECT ANSWER Similar to a Trojan horse. Contains hidden code, usually unwanted function as a side effect. Main difference between a virus & a Trojan horse is that hidden code in a computer virus can only replicate by attaching a copy of itself to other programs & may also include an additional "payload" that triggers when specific conditions are met.
Computing Security Methods - CORRECT ANSWER security safeguards implemented within IS, using networking, hardware, software, & firmware of IS. This includes: 1. hardware, firmware, & software that implements security functionality & 2. design, implementation, & verification techniques used to ensure that system assurance requirements are satisfied.
Concurrency Control - CORRECT ANSWER mechanism that prevents multiple users from executing inconsistent actions on database.
Confidence Interval - CORRECT ANSWER range of values that you can be X% certain contains true mean of population. Has upper & lower confidence limits.
Confidence Level - CORRECT ANSWER A number, stated as a %, that expresses degree of certainty associated with an interval estimate of a population parameter. It is probability that an estimate based on a random sample falls within a specified range.
Confidentiality - CORRECT ANSWER 1/5 security goals where (1) Status & degree of protection (2) Ensuring that data is disclosed only to authorized subjects: processes, or devices. (3) Security goal that generates req for protection from intentional or accidental attempts to perform unauthorized data reads. Confidentiality covers data in storage, during processing, & while in transit. Authorized restrictions on info access & disclosure, including means for protecting personal privacy & proprietary info.
Configuration - CORRECT ANSWER relative or functional arrangement of components in a computer system.
Configuration Control - CORRECT ANSWER (1) process of controlling modifications to system's hardware, firmware, software, & documentation that provided sufficient assurance that system is protected against introduction of improper modifications prior to, during, & after system implementation. Aka configuration management.
Configuration Management definition - CORRECT ANSWER A procedure for applying technical & administrative direction & surveillance to: a. identify & document functional & physical characteristics of an item or system, b. control any changes to such characteristics, & c. record & report change, process, & implementation status.
Configuration Management process - CORRECT ANSWER Controlling software & documentation so they remain consistent as they are developed or changed. Management of security features & assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures, & test documentation throughout development & operational life of system; tailored to capacity, size, scope, phase of life cycle, maturity, & complexity of system involved. Compare to configuration control.
Contingency Plan - CORRECT ANSWER Aka disaster plan & emergency plan. A plan for responding to loss or failure of a system possibly at alternate location; necessary steps to take in order to ensure continuity of core business processes. It includes emergency response, backup operations, & post-disaster recovery.
Control Charts - CORRECT ANSWER Assess a process variation. charts display sequential process measurements relative to overall process average & control limits. upper & lower control limits establish boundaries of normal variation for process being measured. Variation within control limits is attributable to random or chance cause, while variation beyond control limits indicates a process change due to causes other than chance.
Conversion - CORRECT ANSWER Changing data &/or existing software into another format.
Cookie - CORRECT ANSWER A piece of state info supplied by a web server to a browser, along with a requested resource, for browser to store temporarily & return to server on any subsequent visits or requests.
Correctness - CORRECT ANSWER degree to which software or its components is free from faults &/or meets specified requirements &/or user needs.
Cost-Benefit - CORRECT ANSWER A criterion for comparing programs & alternatives when benefits can be valued in dollars. Also referred to as benefit-cost ratio, which is a function of equivalent benefits & equivalent costs.
Cost-Benefit Analysis - CORRECT ANSWER technique to compare various costs associated with an investment with benefits. Both tangible & intangible factors included.
Countermeasures - CORRECT ANSWER Any action, device, procedure, technique, or other measure that reduces vulnerability of or threat to a system. Aka security controls & safeguards.
CPU Time - CORRECT ANSWER amount of time that a job or transaction uses a central processing unit (CPU) to complete processing.
Credential - CORRECT ANSWER object that authoritatively binds an entity (and optionally, additional attributes) to a token possessed & controlled by a person.
Critical Security Parameters (& ex) - CORRECT ANSWER Security-related info (e.g., cryptographic keys, authentication data such as passwords & PINs) appearing in plaintext or otherwise unprotected form & whose disclosure or modification can compromise security of a cryptographic module or security of info protected by module.
Cryptographic Function - CORRECT ANSWER provide various algorithms for key generation, random number generation, encryption, decryption, & message digesting. Cryptographic Key definition - CORRECT ANSWER An input to an encryption device that results in cryptotext. A parameter used by a cryptographic process that makes process completely defined & usable only by those having that key. A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Cryptographic Key determines - CORRECT ANSWER transformation of plaintext data into ciphertext data & vice versa, a digital signature computed & verified from data, or a data authentication code computed from data. Cryptographic Keys - CORRECT ANSWER must provide at least 80 bits of protection. This means that it must be as hard to find an unknown key or decrypt a message, given info exposed to an eavesdropper by an authentication, as to guess an 80-bit random number. A cryptographic key is secret to a cryptographic token. Cryptography - CORRECT ANSWER Principles, means, & methods for rendering info unintelligible, & for restoring encrypted info to intelligible form. Also to prevent its undetected modification/unauthorized use. Cryptography: plaintext > ciphertext by encryption & ciphertext > plaintext by decryption. Cultural Assumptions - CORRECT ANSWER Beliefs about internal workings & external environment of an organization which, having worked well in past, have gradually come to be taken for granted, & which provide basis for group consensus about common events & circumstances. Cultural assumptions function as unifying themes of organizational culture. Cyclic Redundancy Check (CRC) - CORRECT ANSWER Use of an algorithm for generating error detection bits in a data link protocol. receiving station performs same calculation as done by transmitting station. If results differ, then one or more bits are in error. 
Data - CORRECT ANSWER Basic facts about a transaction that can be processed & communicated. Data Architecture - CORRECT ANSWER compilation of data, including who creates & uses it—and how—presents a stable basis for processes & info used by organization to accomplish its mission. Data Communications - CORRECT ANSWER Information exchanged between end-systems in machine-readable form. Data Dictionary - CORRECT ANSWER In a database management program, an on-screen listing of all database files, indices, views, & other files relevant to a database application. Data Encryption Key - CORRECT ANSWER A cryptographic key used for encrypting & decrypting data. Data Encryption Standard (DES) - CORRECT ANSWER (1) A cryptographic algorithm for protection of unclassified data. (2) DES is a U.S. govt-approved (NIST Natl Inst of Standards & Tech), symmetric cipher, encryption algorithm used by business & civilian govt agencies. Advanced Encryption Standard (AES) is designed to replace DES. original "single" DES algorithm is no longer secure because it is now possible to try every possible key with special-purpose equipment or a high-performance cluster. Triple DES, however, is still considered to be secure. Data Integrity - CORRECT ANSWER Data or voice transmissions are in unimpaired condition & not subjected to unauthorized modification whether intentional or inadvertent. Data integrity covers data in storage, during processing, & while in transit. Data Management - CORRECT ANSWER Providing or controlling access to data stored in a computer & use of input or output devices. Data Processing - CORRECT ANSWER A sequence of steps to record, classify, & summarize data using a computer program. Data Security - CORRECT ANSWER protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. Data Structure - CORRECT ANSWER Logical relationships among data units & a description of attributes or features of data (e.g., type, length). 
Database Management System (DBMS) - CORRECT ANSWER Computer software used to create, store, retrieve, change, manipulate, sort, format, & print info in a database. Also, software that controls organization, storage, retrieval, security & integrity of data in a database. Debug - CORRECT ANSWER To detect, locate, & correct errors & faults in a computer software. Decipher - CORRECT ANSWER Enciphered text > plain text. Decision Table - CORRECT ANSWER use a notation that relates actions that are taken under a wide variety of conditions & are used in defining system requirements. decision table header contains condition stub & action stub, & rule header contains condition entry & action entry. Decision tables use graphics to represent notations. Decrypt - CORRECT ANSWER To convert encrypted text, ciphertext, into its equivalent plaintext through use of a cryptographic algorithm. term decrypt covers meanings of decipher & decode. Decryption - CORRECT ANSWER process of changing ciphertext into plaintext. Defect - CORRECT ANSWER Any state of unfitness for use, or nonconformance to specification. Defense in Depth (info assurance solutions) - CORRECT ANSWER Strategy for establishing an adequate info assurance posture whereby info assurance solutions (1) integrate people, technology, & operations, (2) are layered within & among IT assets, & (3) are selected based on their relative level of robustness. Defense in Depth (implementation) - CORRECT ANSWER Implementation of this approach recognizes that highly interactive nature of info systems & enclaves creates a shared risk environment; thus, adequate assurance of any single asset is dependent upon adequate assurance of all interconnecting assets. Degauss - CORRECT ANSWER 1. To apply a variable, alternating current (AC) field for purpose of demagnetizing magnetic recording media, usually tapes. 
process involves increasing AC field gradually from zero to some maximum value & back to zero, which leaves a very low residue of magnetic induction on media. 2. Loosely, to erase. Denial of Service - CORRECT ANSWER (1) Prevent system from functioning in accordance with its intended purpose. Includes unauthorized destruction, modification, or delay of service. Aka interdiction. (2) An attack that prevents or impairs authorized use of networks, systems, or applications by exhausting resources. (3) Prevention of authorized access to resources or delaying of time-critical operations. Time-critical; may be milliseconds or it may be hours, depending upon service provided. Deviation - CORRECT ANSWER difference between particular number & average of set. Dial-back - CORRECT ANSWER Same as callback/call-back. (A procedure established for positively identifying a terminal dialing into a computer system by disconnecting calling terminal & reestablishing connection by computer system's dialing telephone number of calling terminal.) Dial-up - CORRECT ANSWER computer terminal can use telephone to initiate & effect communication with a computer. Digital Signature - CORRECT ANSWER nonforgeable result of a cryptographic transformation of data using asymmetric-keys that, when properly implemented with a supporting infrastructure & policy, provides services of: 1. Origin authentication, 2. Data integrity, & 3. Signer non-repudiation. Disaster Recovery Plan (DRP) - CORRECT ANSWER A written plan for processing critical applications in event of a major hardware or software failure or destruction of facilities. Discrete Event Simulation - CORRECT ANSWER abstract mathematical representation of computer system & its workloads that permits estimation of performance of system & related useful parameters using mathematical techniques, & that models individual transactions & jobs as a sequence of discrete events. 
Discretionary Access Control (DAC) - CORRECT ANSWER A means of restricting access to objects based on identity & need-to-know of user, process &/or groups to which they belong. controls are discretionary in sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Disk Management - CORRECT ANSWER ongoing process of assessing risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing threats & vulnerabilities & selecting appropriate, cost-effective controls to achieve & maintain an acceptable level of risk. Distributed Data - CORRECT ANSWER Data stored in more than one location over a network or several interconnected computers. Distributed Database - CORRECT ANSWER A database that is not stored in a central location, but is dispersed over a network of interconnected computers under overall control of a central database management system whose storage devices are not all attached to same processor. Distributed Processing - CORRECT ANSWER Data processing that is performed by connected computer systems at more than one location; spread among different computers that are linked through a communications network. Domain Name System (DNS) - CORRECT ANSWER Each entity in a network, such as a computer, requires a uniquely identifiable network address for proper delivery of message info. DNS is a protocol used to manage name lookups for converting between decimal & domain name versions of an address. DNS contains a universe of names called name-space. Each name-server is identified by one or more IP addresses. One can intercept & forge traffic for arbitrary name-nodes, thus impersonating IP addresses. Secure DNS can be accomplished with cryptographic protocols for message exchanges between name-servers. Dynamic Binding - CORRECT ANSWER 1. 
Binding where name/class association is not made until object designated by name is created at execution time. 2. Aka run-time binding or late binding. Message associated with a method during run time, as opposed to compile time; a message can be sent to an object without prior knowledge of object's class. Dynamic Host Configuration Protocol (DHCP) - CORRECT ANSWER Allows network administrators to automate & control from a central position assignment of IP address configurations. DHCP server is required to log hostnames or message authentication code addresses for all clients. DHCP cannot handle manual configurations where a portion of network IP addresses needs to be excluded or reserved for servers, routers, firewalls, & administrator workstations. Thus, DHCP server should be timed to prevent unauthorized configurations. Electromagnetic Emanations - CORRECT ANSWER Signals transmitted as radiation through air & through conductors. Electronic Credentials - CORRECT ANSWER Digital documents used in authentication that bind an identity or an attribute to a subscriber's token. Note that this material distinguishes between credentials & tokens while other materials may interchange these terms. Electronic Data Interchange (EDI) - CORRECT ANSWER A communications standard for electronic exchange of documents, such as purchase orders & invoices, between buyers & sellers. Electronic Signature - CORRECT ANSWER 1. identifies & authenticates a particular person as source of electronic message & 2. indicates such person's approval of info contained in electronic message. Emergency Response - CORRECT ANSWER immediate action taken upon occurrence of events such as fire, flood, civil commotion or disruption, natural disasters, bomb threats, etc. in order to protect lives, limit damage to property, & minimize impact on computer operations. Encapsulation - CORRECT ANSWER packaging of data & procedures into a single programmatic structure. 
In object-oriented programming languages, encapsulation means that an object's data structures are hidden from outside sources & are accessible only through object's protocol. Encipher / Encrypt - CORRECT ANSWER Plain text > ciphertext, unintelligible, through cipher system / cryptographic algorithm. Encryption - CORRECT ANSWER Transform data to an unintelligible form by systematically encoding a bit stream so that original data either cannot be obtained (one-way encryption) or cannot be obtained without using inverse decryption process (two-way encryption) by unauthorized party. End-to-end Encryption - CORRECT ANSWER cryptographic means, from point of origin to point of destination. Enterprise Risk Management (ERM) - CORRECT ANSWER coordinated approach to assess, integrate, & respond to all types of risks facing an organization. These risks include financial risk, hazard risk, strategic risk, & operations risk. Entity - CORRECT ANSWER Any participant in an authentication exchange: claimant &/or verifier, subject (an active element that operates on info or system state) or an object (a passive element that contains or receives info), or body. Error (5 defs) - CORRECT ANSWER 1. difference between a computed, observed, or measured value & true, specified, or theoretically correct value or condition. 2. An incorrect step, process, or data definition. Often called a bug. 3. An incorrect result. 4. A human action that produces an incorrect result. 5. deviation of a system from normal operation that may have been caused by a fault. Error Analysis - CORRECT ANSWER use of techniques to detect errors, to estimate/predict number of errors, & to analyze error data both singly & collectively. Error Seeding - CORRECT ANSWER Aka Bebugging. Planting errors in programs. Ethernet - CORRECT ANSWER Ethernet is most widely installed local area network (LAN) technology. Executable Code - CORRECT ANSWER Programs in machine language ready to run in a particular computer environment. 
Executive Steering Committee - CORRECT ANSWER 1. Manages info portfolio of organization; responsible for developing & sustaining process management approach in organization, including selecting & evaluating reengineering projects. Extensibility - CORRECT ANSWER 1. Ease with which a system can be modified to increase its storage or functional capacity. Aka expansibility. 2. An extensible collection of interfaces, services, protocols, & supporting data formats. Extensible - CORRECT ANSWER capability of being expanded or customized. For example, with extensible programming languages, programmers can add new control structures, statements, or data types. Failover / Fail-over - CORRECT ANSWER backup concept—when one system fails, backup system is automatically activated. Fail Safe / Fail-Safe - CORRECT ANSWER Fail-safe is automatic termination & protection of programs or other processing operations when a hardware or software failure is detected in a computer system. Fail Soft / Fail-Soft - CORRECT ANSWER selective termination of affected nonessential processing when a hardware or software failure is detected in a computer system. Examples of its application can be found in distributed data processing systems. Failure - CORRECT ANSWER Discrepancy between external results of a program's operation & software product requirements. A software failure is evidence of existence of a fault in software. Failure Costs - CORRECT ANSWER Costs associated with evaluating & either correcting or replacing defective products, components, or materials that do not meet quality standards. Fallback Procedures - CORRECT ANSWER In event of failure of transactions or system, fallback procedures are ability to fall back to original or alternate method for continuation of processing. Fault - CORRECT ANSWER 1. A physical malfunction or abnormal pattern of behavior that is causing or will cause, an outage, error, or degradation of communications services on a communications network. 2. 
An incorrect step, process, or data definition in a computer program. Fault Management - CORRECT ANSWER prevention, detection, reporting, diagnosis, & correction of faults & fault conditions. Fault management includes alarm surveillance, trouble tracking, fault diagnosis, & fault correction. Fault Tolerant Controls - CORRECT ANSWER Hardware devices or software products such as disk mirroring or server mirroring aimed at reducing loss of data due to system failures or human errors; to maintain effectiveness after some subsystems have failed. This is a technical & preventive control & ensures availability control. Fiber Optics - CORRECT ANSWER a light beam (i.e. laser) can be modulated to carry info. A single fiber-optic channel can carry significantly more info than most other means of info transmission. Optical fibers are thin strands of glass or other transparent material. File Infector Virus - CORRECT ANSWER Work by attaching themselves to program files/CPY memory, such as word processors, spreadsheet applications, & computer games. Previously most common; now nearly "extinct" due to changes in operating systems design. File Protection - CORRECT ANSWER aggregate of all processes & procedures in a system designed to inhibit unauthorized access, contamination, or elimination of a file. File Transfer Protocol (FTP) - CORRECT ANSWER A means to exchange files across a network. Finite Population Correction (FPC) Factor - CORRECT ANSWER A multiplier that adjusts for sampling efficiency gained when sampling is without replacement & when sample size is large (greater than 5% or 10%) with respect to population size. This multiplier reduces sampling error for a given sample size or reduces required size for a specified measure of precision (in this case, desired sampling error). Firewall - CORRECT ANSWER Two mechanisms: one to block traffic & other to permit traffic; designed to prevent unauthorized access to or from a private network. 
Implemented in both hardware & software, or combination of both. All messages entering or leaving intranet pass through firewall, which examines each message & blocks those that do not meet specified security criteria. Firewall Rule Set - CORRECT ANSWER a table of instructions that firewall uses for determining how packets should be routed between its interfaces. In routers, rule set can be a file that router examines from top to bottom when making routine decisions. Flexibility - CORRECT ANSWER Effort required to modify operational program. Forward Engineering - CORRECT ANSWER Traditional process of moving from high-level abstractions & logical, implementation-independent designs to physical implementations of a system. Function - CORRECT ANSWER A set of related activities that is part of a process, often known as a sub-process within a process. Organizations often divide themselves into functional units, such as purchasing, manufacturing, finance, product development, order fulfillment, etc. Gateway - CORRECT ANSWER means of communicating between networks. It is designed to reduce problems of interfacing different networks or devices. networks involved may be any combination of local networks which employ different level protocols or local & long-haul networks. Graphical User Interface (GUI) - CORRECT ANSWER Aka UI. A combination of menus, screen design, keyboard commands, command language, & help screens that together create way a user interacts with a computer. Allows users to move in & out of programs & manipulate their commands by using a pointing device (often a mouse). Hash & Hash Code - CORRECT ANSWER A condensed representation of message, called a message digest. Hash Code - string of bits that is output of a hash function. Hash Algorithm - CORRECT ANSWER Creates a hash based on a message. 
Hash Function - CORRECT ANSWER A computationally efficient algorithm that maps a variable-sized amount of text (input) or bit string into a fixed-sized output (hash value of 128-bit string). Secure checksum for each message, impossible to change message if checksum is unknown. Hash functions are used in creating digital signatures. Hash Functions satisfy following - CORRECT ANSWER Approved hash functions satisfy following properties: (a) One-way—It is computationally infeasible to find any input that maps to any pre-specified output. (b) Collision resistant—It is computationally infeasible to find any two distinct inputs that map to same output. Histogram - CORRECT ANSWER A frequency distribution diagram in which frequencies of occurrence of different variables being plotted are represented by bars. Host - CORRECT ANSWER Any CPU, from a centralized mainframe to its terminals, to a server that is host to its clients, to a desktop personal computer that is host to its peripherals. In network architectures, a client station (user's machine) is also considered a host because it is a source of info to network in contrast to a device such as a router or switch that directs traffic. Host-Based Security - CORRECT ANSWER technique of securing an individual system from attack. It is dependent on operating system & its version. Hot Site - CORRECT ANSWER A fully operational offsite data processing facility equipped with hardware & system software to be used in event of a disaster. Hydrometer - CORRECT ANSWER Used for measuring relative density of liquids. Hygrometer - CORRECT ANSWER measure atmospheric humidity. HyperText Markup Language (HTML) - CORRECT ANSWER mechanism used to create web pages. Hypertext Transport Protocol (HTTP) - CORRECT ANSWER native protocol of web, used to transfer hypertext documents. Identification - CORRECT ANSWER recognition of an entity by a system, generally by use of unique machine-readable user names. 
Identity - CORRECT ANSWER Information that is unique within a security domain & that is recognized as denoting a particular entity within that domain. Identity Proofing - CORRECT ANSWER process by which a CSP & an RA validate sufficient info to uniquely identify a person. Identity-based Security Policy - CORRECT ANSWER based on identities &/or attributes of object (system resource) being accessed & of subject (user, group of users, process, or device) requesting access. Impersonation - CORRECT ANSWER Aka masquerading & mimicking. An attempt to gain access to a computer system by posing as an authorized user. Incident Handling - CORRECT ANSWER mitigation of violations of security policies & recommended practices. Independent Validation & Verification - CORRECT ANSWER Review, analysis, & testing conducted by an independent party throughout life cycle of software development to ensure that new software meets user or contract requirements. Indication - CORRECT ANSWER A sign that an incident may have occurred or may be currently occurring. Individual Accountability - CORRECT ANSWER ability to associate positively identity of a user with method & degree of accesses to a system. Information Flow - CORRECT ANSWER sequence, timing, & direction of how info proceeds through an organization or a computer system. Information Resources - CORRECT ANSWER such as personnel, equipment, funds, & info technology. Information Security - CORRECT ANSWER protection of info & info systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, & availability. A discrete set of info resources organized for collection, processing, maintenance, use, sharing, dissemination, or disposition of info. Information Security Policy - CORRECT ANSWER Aggregate of directives, regulations, rules, & practices that prescribes how an organization manages, protects, & distributes info. 
Information Systems - CORRECT ANSWER organized collection, processing, maintenance, transmission, & dissemination of info in accordance with defined procedures, whether automated or manual. Information Technology (IT) - CORRECT ANSWER Any equipment or interconnected system or subsystem of equipment that is used in automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or info by executive agency. Includes computers, ancillary equipment, software, firmware, & similar procedures, services (including support services), & related resources. Information Technology (IT) equipment - CORRECT ANSWER equipment is used by an executive agency if equipment is used by executive agency directly or is used by a contractor under a contract with executive agency which requires use of equipment or requires use of equipment in performance of a service or furnishing of a product. Inheritance - CORRECT ANSWER 1. Objects acquire part of their definition from another class (called a superclass). Can be regarded as a method for sharing a behavioral description. 2. A relationship among classes, wherein one class shares structure or behavior defined in one or more other classes. Integrated CASE Tools - CORRECT ANSWER provide for planning, analysis, & design, with fully integrated code generation. These tools are fully integrated so one tool component directly employs info from another. A repository stores knowledge from multiple tools in an integrated manner. Integration Test - CORRECT ANSWER confirm that program units are linked together & interface with files or databases correctly. Integrity (5 defs) - CORRECT ANSWER 1/5 security goals. 1. Authentic accuracy, non-repudiation & accountability of system data, hardware, & software. 2. Sound, unimpaired, or perfect condition; only changed in authorized/detected manner. 3. 
The security goal that generates req for protection against either intentional or accidental attempts to violate data integrity or system integrity. 4. Quality of a system/product reflecting logical correctness & reliability of operating system; verification info not altered. Interactive Mode - CORRECT ANSWER converse with a computer by giving commands & receiving response in real time. Interface - CORRECT ANSWER boundary between independent systems or modules where communication takes place. Internet Protocol (IP) Address - CORRECT ANSWER unique number for a computer that is used to determine where messages transmitted on Internet should be delivered. Analogous to a house number for ordinary postal mail. Internet Protocol Security (IPsec) - CORRECT ANSWER An IEEE Standard, RFC 2411, protocol that provides security capabilities at Internet Protocol (IP) layer of communications. IPsec's key management protocol is used to negotiate secret keys that protect VPN communications, & level & type of security protections that will characterize VPN. Most widely used key management protocol is Internet key exchange (IKE) protocol. IPsec is a standard consisting of IPv6 security features ported over to current version of IP, IPv4. IPsec security features provide confidentiality, data integrity, & non-repudiation. Interoperability - CORRECT ANSWER two or more systems or components to exchange info & to use info that has been exchanged. It is capability of systems, subsystems, or components to communicate with one another, exchange services, & use info including content, format, & semantics. Intrusion Detection System (IDS) - CORRECT ANSWER (1) Software application that can be implemented on host operating systems or as a network device to monitor for signs of intruder activity, attacks & alerts administrators. 
(2) A system that detects & identifies unauthorized/unusual activity on hosts & networks; accomplished by creation of audit records & checking audit log against intrusion thresholds. It detects break-ins or break-in attempts either manually or via software expert systems that operate on logs or other info available on network. Inward-Facing - CORRECT ANSWER system that is connected on interior of a network behind a firewall. IP Spoofing - CORRECT ANSWER sending a network packet that appears to come from a source other than its actual source. ISDN - CORRECT ANSWER Integrated services digital network (ISDN) is a worldwide digital communications network evolving from existing telephone services. ISDN Goal - CORRECT ANSWER Goal of ISDN is to replace current analog telephone system with totally digital switching & transmission facilities capable of carrying data ranging from voice to computer transmission, music, & video. Computers & other devices are connected to ISDN lines through simple, standardized interfaces. When fully implemented, ISDN is expected to provide users with faster, more extensive communications services in data, video, & voice. ISO - CORRECT ANSWER International Organization for Standardization—an organization established to develop & define data processing standards to be used throughout participating countries. Isolation - CORRECT ANSWER containment of subjects & objects in a system in such a way that they are separated from one another, as well as from protection controls of operating system. Java - CORRECT ANSWER A programming language invented by Sun Microsystems. It can be used as a general purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets. Jidoka - CORRECT ANSWER A Japanese term used as a method of autonomous control to start or stop operations as control parameters are reached, & to signal operations when necessary. 
It involves four steps: detect, stop, correct (fix), & investigate [DISC]. A countermeasure is installed after investigating root cause of a problem. Kerberos - CORRECT ANSWER A widely used authentication protocol developed by MIT. In "classic" Kerberos, users share a password with a Key Distribution Center (KDC). User, Alice, who wishes to communicate with another user, Bob, authenticates to KDC & is furnished a "ticket" by KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, protocol is known to be vulnerable to offline dictionary attacks by eavesdroppers who capture initial user-to-KDC exchange. Key - CORRECT ANSWER 1. A long stream of seemingly random bits used with cryptographic algorithms. keys must be known or guessed to forge a digital signature or decrypt an encrypted message. 2. An input that controls transformation of data by an encryption algorithm. It is a sequence of symbols that controls operations of encryption & decryption. Key Escrow - CORRECT ANSWER managing (e.g., generating, storing, transferring, auditing) two components of a cryptographic key by two component holders. A key component is two values from which a key can be derived. Key Management - CORRECT ANSWER handling of cryptographic keys & other related security parameters during entire life cycle of keys, including generation, storage, distribution, entry & use, deletion, destruction, & archiving. Labeling - CORRECT ANSWER process of assigning a representation of sensitivity of a subject or object. Latency - CORRECT ANSWER Time delay in processing voice packets. Leading Organizations - CORRECT ANSWER Aka world-class organizations. recognized as best for at least one critical business process & are held as models for other organizations. Least Privilege - CORRECT ANSWER each subject be granted most restrictive set of privileges needed for performance of authorized tasks. 
application of this principle limits damage that can result from accident, error, or unauthorized use. Legacy Data - CORRECT ANSWER data &/or info that has not been standardized. Legacy System characteristics - CORRECT ANSWER Also stovepipe systems. a. It was originally designed to meet historical needs of organization, b. It was (or has become) critical to some aspects of business operations, & cannot be readily eliminated, c. It typically has been modified so many times that few, if any, systems analysts or programmers understand system as a whole, & d. It does not have current documentation. License - CORRECT ANSWER Agreement by a contractor to permit use of copyrighted software under certain terms & conditions. Life Cycle Management - CORRECT ANSWER automated info system throughout its expected life, with emphasis on strengthening early decisions that affect system costs & utility throughout system's life. Link Encryption - CORRECT ANSWER application of on-line crypto-operations to a link of a communications system so that all info passing over link is encrypted in its entirety. It provides end-to-end encryption within each link in a communications network. Local Area Network (LAN) - CORRECT ANSWER (1) For intra-building data communications. (2) A group of computers, etc. dispersed over a relatively limited area & connected by a communications link that enables a device to interact with any other on network. A
Written for
- Institution: CISA - Certified Information Systems Auditor
- Module: CISA - Certified Information Systems Auditor
Document information
- Uploaded on: March 14, 2024
- Number of pages: 63
- Written in: 2021/2022
- Type: Exam (elaborations)
- Contains: Questions & answers