Acceptable Interruption Window: The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives.

Acceptable Use Policy: A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.

Access Control List: An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.

Access Path: The logical route that an end user takes to access computerized information. Typically includes a route through the OS, telecommunications software, selected application software and the access control system.

Access Rights: The permission or privileges granted to users, programs, or workstations to create, change, delete, or view data and files within a system, as defined by rules established by data owners and the information security policy.

Accountability: The ability to map a given activity or event back to the responsible party.

Advanced Encryption Standard: A public algorithm that supports keys from 128 bits to 256 bits in size.

Advanced Persistent Threat: An adversary that possesses a sophisticated level of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors. It pursues its objectives repeatedly over an extended period of time, adapts to defenders' efforts to resist it, and is determined to maintain the level of interaction needed to execute its objectives.

Adversary: A threat agent.

Adware: A software package that automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.

Alert Situation: The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved.

Alternate Facilities: Locations and infrastructures from which emergency or backup processes are executed when the main premises are unavailable or destroyed; includes buildings, offices or data processing centers.

Alternate Processes: Automatic or manual processes designed and established to continue critical business processes from the point of failure until the return to normal.

Analog: A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Used in telecommunications.

Anti-malware: A technology widely used to prevent, detect, and remove many categories of malware including computer viruses, worms, trojans, keyloggers, malicious browser plug-ins, adware and spyware.

Anti-virus Software: Application software deployed at multiple points in an IT architecture to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.

Application Layer: Provides services for an application program to ensure that effective communication with another application program in a network is possible.

Architecture: Description of the fundamental underlying design of the components of the business system, or of one element of the business system, the relationships among them and the manner in which they support an enterprise.

Asset: Something of either tangible or intangible value that is worth protecting.

Asymmetric Key: A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message.

Attack: An actual occurrence of an adverse effect.

Attack Mechanism: A method used to deliver the payload; may involve an exploit delivering a payload to the target.

Attack Vector: A path or route used by the adversary to gain access to the target (asset). Two types: ingress and egress.

Attenuation: Reduction of signal strength during transmission.

Audit Trail: A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.

Authentication: The act of verifying the identity of a user and the user's eligibility to access computerized information.

Authenticity: Undisputed authorship.

Availability: Ensuring timely and reliable access to and use of information.

Back Door: A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.

Bandwidth: The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).