QUESTIONS and CORRECT Answers
Acceptable Interruption Window - CORRECT ANSWER - The maximum period of time
that a system can be unavailable before compromising the achievement of the enterprise's
business objectives.
Acceptable Use Policy - CORRECT ANSWER - A policy that establishes an agreement
between users and the enterprise and defines for all parties the ranges of use that are approved
before gaining access to a network or the Internet.
Access Control List - CORRECT ANSWER - An internal computerized table of access
rules regarding the levels of computer access permitted to logon IDs and computer terminals.
Access Path - CORRECT ANSWER - The logical route that an end user takes to access
computerized information. Typically includes a route through the OS, telecomm software,
selected application software and the access control system.
Access Rights - CORRECT ANSWER - The permission or privileges granted to users,
programs, or workstations to create, change, delete, or view data and files within a system, as
defined by rules established by data owners and the information security policy.
Accountability - CORRECT ANSWER - The ability to map a given activity or event back
to the responsible party.
Advanced Encryption Standard - CORRECT ANSWER - A public algorithm that supports
keys from 128 bits to 256 bits in size.
Advanced persistent threat - CORRECT ANSWER - An adversary that possesses
sophisticated levels of expertise and significant resources which allow it to create opportunities to
achieve its objectives using multiple attack vectors. It pursues its objectives repeatedly over an
extended period of time, it adapts to defenders' efforts to resist it and is determined to maintain
the level of interaction needed to execute its objectives.
Adversary - CORRECT ANSWER - A threat agent
Adware - CORRECT ANSWER - A software package that automatically plays, displays or
downloads advertising material to a computer after the software is installed on it or while the
application is being used.
Alert situation - CORRECT ANSWER - The point in an emergency procedure when the
elapsed time passes a threshold and the interruption is not resolved.
Alternate facilities - CORRECT ANSWER - Locations and infrastructures from which
emergency or backup processes are executed when the main premises are unavailable or
destroyed; includes buildings, offices or data processing centers.
Alternate processes - CORRECT ANSWER - Automatic or manual processes designed and
established to continue critical business processes from point of failure to return to normal.
Analog - CORRECT ANSWER - A transmission signal that varies continuously in
amplitude and time and is generated in wave formation. Used in telecommunications.
Anti-malware - CORRECT ANSWER - A technology widely used to prevent, detect, and
remove many categories of malware including computer viruses, worms, trojans, keyloggers,
malicious browser plug-ins, adware and spyware.
Anti-virus software - CORRECT ANSWER - An application software deployed at multiple
points in an IT architecture to detect and potentially eliminate virus code before damage is done
and repair or quarantine files that have already been infected.
Application Layer - CORRECT ANSWER - This provides services for an application
program to ensure that effective communication with another application program in a network is
possible.
Architecture - CORRECT ANSWER - Description of the fundamental underlying design of
the components of the business system or of one element of the business system, the
relationships among them and the manner in which they support an enterprise.
Asset - CORRECT ANSWER - Something of either tangible or intangible value that is
worth protecting
Asymmetric key - CORRECT ANSWER - A cipher technique in which different
cryptographic keys are used to encrypt and decrypt a message.
Attack - CORRECT ANSWER - An actual occurrence of an adverse effect
Attack mechanism - CORRECT ANSWER - A method used to deliver the payload and
may involve an exploit delivering a payload to the target.
Attack vector - CORRECT ANSWER - A path or route used by the adversary to gain
access to the target (asset). Two types: ingress and egress.
Attenuation - CORRECT ANSWER - Reduction of signal strength during transmission
Audit Trail - CORRECT ANSWER - A visible trail of evidence enabling one to trace
information contained in statements or reports back to the original input source.
Authentication - CORRECT ANSWER - The act of verifying the identity of a user and the
user's eligibility to access computerized information.
Authenticity - CORRECT ANSWER - Undisputed authorship.
Availability - CORRECT ANSWER - Ensuring timely and reliable access to and use of
info