Domain 1 Flashcards

1
Q

Requires federal agencies to identify computer systems that hold sensitive (but unclassified) information, develop security plans for them, and take extra measures against unauthorized access.
Requires periodic security awareness training for employees who use those systems.
Assigns NIST (then the National Bureau of Standards) responsibility for federal computer security standards, with NSA providing technical advice on cryptography and classified systems.

A

U.S. Computer Security Act of 1987

2
Q

Prevents unauthorized use or disclosure of information, ensuring that only those who are authorized to access information can do so.

A

Confidentiality

3
Q

Includes names, addresses, Social Security numbers, contact information, and financial or medical data.

A

Personally Identifiable Information (PII)

4
Q

Individually identifiable health information under HIPAA: the PII elements above plus a patient's medical records, diagnoses and healthcare payment history.

A

Protected Health Information (PHI)
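Both the PII and PHI cards are about spotting the same identifiers in data. The block below is an added example written for these flashcards (not from any DLP product or from the page): a small scanner for the PII elements that are cheapest to detect by pattern (SSNs, payment card numbers, e-mail addresses), with a Luhn check so random digit runs are not reported, and a redaction helper. Names and addresses need a dictionary or NLP model and are deliberately out of scope. The sample text, the regexes and the function names are all assumptions made for the example.

```python
"""Added example: a small DLP-style scanner for PII patterns in free text."""
import re

# SSN: area 000, 666 and 900-999 are never issued; group 00 and serial 0000 are invalid.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by single spaces or dashes; validated with Luhn below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")

# Constructed sample record (not real data): one valid SSN, one valid test card
# number, one e-mail, one structurally invalid SSN and one non-Luhn digit run.
SAMPLE = (
    "Patient J. Doe, SSN 123-45-6789, card 4111 1111 1111 1111, "
    "contact jdoe@example.com. Invalid SSN 000-12-3456 and order 12345678901234 ignored."
)


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check used by payment card numbers; rejects most typos and random digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[tuple[str, str]]:
    """Return (kind, match) pairs found in text, in order of appearance."""
    hits = []
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(m.group()):          # pattern alone is too noisy; Luhn prunes false positives
            hits.append(("card", m.group()))
    for m in EMAIL_RE.finditer(text):
        hits.append(("email", m.group()))
    hits.sort(key=lambda h: text.index(h[1]))
    return hits


def redact(text: str) -> str:
    """Mask each finding, keeping the last four characters so records stay correlatable."""
    for _, value in find_pii(text):
        masked = "*" * (len(value) - 4) + value[-4:]
        text = text.replace(value, masked)
    return text
```

Run `find_pii(SAMPLE)` and it reports the SSN, the card and the e-mail but not the 000-prefixed SSN or the 14-digit order number; `redact(SAMPLE)` leaves those two untouched. The format checks only tell you a string is shaped like PII; deciding that a match is really a record subject to HIPAA or a privacy law is a classification decision, not a regex decision.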

5
Q

Safeguards the accuracy and completeness of information and processing methods.

A

Integrity

6
Q

Ensures that authorized users have reliable and timely access to information, and associated systems and assets when needed.

A

Availability

7
Q

General purpose statement that says what the org is, what it does, and why it exists

A

Mission Statement

8
Q

Conduct that a reasonable person exercises in a given situation, which provides a standard for determining negligence.

A

Due Care

9
Q

If an organization fails to follow a standard of due care

A

Culpable Negligence

10
Q

Prudent, ongoing investigation and verification that due care is actually being practiced (reviewing controls, auditing, investigating before a decision)

A

Due Diligence

11
Q

Comprised of a set of activities undertaken by an organization in its attempts to abide by applicable laws, regulations, and standards.

A

Compliance

12
Q
  • Criminalizes accessing a computer without authorization, or in excess of authorization, to obtain:
  • Classified national defense or foreign relations information
  • Records of financial institutions or credit reporting agencies
  • Information on government computers (later broadened to any "protected computer" used in interstate commerce)
A

U.S. Computer Fraud and Abuse Act

13
Q
  • Prohibits eavesdropping, interception, or unauthorized monitoring of wire, oral, or electronic communications, and unauthorized access to stored communications
  • Its exceptions (consent of a party, and the service-provider exception for protecting the provider's own system) are the legal basis for employer and ISP network monitoring; a logon banner is the usual way consent is obtained
A

U.S. Electronic Communications Privacy Act (ECPA)

14
Q
  • Establish written standards of conduct for organizations, provide relief in sentencing for organizations that have demonstrated due diligence, and place responsibility for due care on senior management
  • Fines up to $290 million
A

U.S. Federal Sentencing Guidelines

15
Q
  • Combats industrial espionage, particularly when such activity benefits a foreign entity.
  • Makes it a criminal offense to take, download, receive, or possess trade secret information obtained without the owner's authorization
A

U.S. Economic Espionage Act

16
Q

Enacted (1996) to combat the use of computer technology to produce and distribute child pornography, including computer-generated images and adults portraying minors; the provisions covering virtual images and adults portraying minors were struck down as overbroad in Ashcroft v. Free Speech Coalition (2002)

A

U.S. Child Pornography Prevention Act

17
Q
  • Grants authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses
  • Authorizes access to voicemail with a search warrant (instead of a wiretap order)
  • Expands the list of offenses and clarifies the scope of existing ones
  • Allows ISPs to disclose customer information to law enforcement in emergency situations without exposing the provider to civil liability suits
  • Clarifies law-enforcement authority to trace communications on the Internet and other computer networks
A

U.S. Patriot Act

18
Q
  • Established the Public Company Accounting Oversight Board (PCAOB)
  • Established new standards for entities including auditing, governance, and financial disclosures
A

Sarbanes-Oxley Act (SOX)

19
Q

Superseded the Computer Security Act of 1987: requires each federal agency to run an agency-wide information security program with annual reviews and independent evaluations, and applies equally to contractors and other organizations providing information services to the U.S. federal government. Updated by the Federal Information Security Modernization Act of 2014.

A

U.S. Federal Information Security Management Act (FISMA), 2002

20
Q

Establishes standards for sending commercial e-mail, charges the U.S. Federal Trade Commission (FTC) with enforcement provisions, and provides penalties that include fines and imprisonment

A

U.S. CAN-SPAM Act (2003)

21
Q

Permitted U.S.-based organizations to self-certify (to the Department of Commerce) that they handled EU citizens' personal data to EU standards, so that data could lawfully be transferred from the EU. Invalidated by the CJEU in 2015 (Schrems I); replaced by Privacy Shield (invalidated in 2020, Schrems II) and then by the EU-U.S. Data Privacy Framework (2023).

A

Safe Harbor (EU-U.S.)

22
Q

UK statute (1990) that defines three computer crime offences: unauthorised access to computer material; unauthorised access with intent to commit or facilitate a further offence; and unauthorised modification of computer material (the last later broadened to unauthorised acts intended to impair a computer's operation, which covers denial of service, i.e. hindering authorised access)

A

The Computer Misuse Act 1990 (UK)

23
Q

Attempts to protect intellectual property rights by using access control technologies to prevent unauthorized copying or distribution of protected digital media

A

Digital Rights Management (DRM)

24
Q

NIST SP800-53 discusses a set of security controls as what type of security tool?

A

A baseline (the low, moderate and high control baselines, selected by the system's FIPS 199 impact level and then tailored; since Revision 5 the baselines are published separately as SP 800-53B)

25
Q

What is the minimum number of physical disks required for RAID 1 (mirroring)?

A

2 (every write goes to both disks; the array survives the loss of one of them)

26
Q

What are communication systems that rely on start and stop bits (rather than a shared clock) to mark the boundaries of each transmitted character?

A

Asynchronous

27
Q

Motion detector that transmits a high-frequency microwave signal and watches for changes in the reflected pattern to identify potential intruders

A

Wave Pattern

28
Q

Analysis technique that only reports an event after its count exceeds a preset threshold (e.g. more than five failed logons in ten minutes). A specific form of sampling that filters out routine noise such as mistyped passwords.

A

Clipping level
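As an added example of a clipping level in practice (written for this card; not code from the page or from any SIEM), the block below runs over constructed sshd-style log lines, counts failed logons per (user, source) in a sliding window, and raises one alert only when the count exceeds the level. The log format, the level of 5 and the ten-minute window are assumptions chosen for the example.

```python
"""Added example: clipping-level alerting over failed-login events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log lines in a simplified sshd style (ISO-8601 timestamp first).
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd[811]: Failed password for alice from 10.0.0.5 port 50122 ssh2
2024-05-01T09:00:09 sshd[812]: Accepted password for alice from 10.0.0.5 port 50123 ssh2
2024-05-01T09:01:00 sshd[901]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-05-01T09:01:02 sshd[902]: Failed password for root from 203.0.113.7 port 40002 ssh2
2024-05-01T09:01:04 sshd[903]: Failed password for root from 203.0.113.7 port 40003 ssh2
2024-05-01T09:01:06 sshd[904]: Failed password for root from 203.0.113.7 port 40004 ssh2
2024-05-01T09:01:08 sshd[905]: Failed password for root from 203.0.113.7 port 40005 ssh2
2024-05-01T09:01:10 sshd[906]: Failed password for root from 203.0.113.7 port 40006 ssh2
2024-05-01T09:01:12 sshd[907]: Failed password for root from 203.0.113.7 port 40007 ssh2
2024-05-01T09:30:00 sshd[950]: Failed password for invalid user admin from 198.51.100.9 port 4444 ssh2
2024-05-01T09:30:01 sshd[951]: Failed password for invalid user admin from 198.51.100.9 port 4445 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def clipping_alerts(log_text, level=5, window=timedelta(minutes=10)):
    """Emit one alert per (user, source) once failures inside the sliding window exceed `level`."""
    recent = defaultdict(deque)   # key -> timestamps of failures still inside the window
    alerted = set()               # suppress repeat alerts for a key that already fired
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # successes and unrelated lines do not count toward the level
        ts = datetime.fromisoformat(m["ts"])
        key = (m["user"], m["src"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > level and key not in alerted:
            alerted.add(key)
            alerts.append({"user": key[0], "src": key[1], "count": len(q), "at": ts.isoformat()})
    return alerts
```

On the sample, alice's single typo and the two guesses at `admin` stay below the level and are never reported; the brute force against `root` fires once, on the sixth failure at 09:01:10, and the seventh failure does not produce a second alert. Lower the level to 1 and both `root` and `admin` fire, which is the trade-off the card is about: the level sets how much noise you accept in exchange for catching slower attacks.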

29
Q

The ____ layer transmits data as bits.

A

Physical

30
Q

Known as intelligent fuzzing because the fuzzer builds inputs from a model of the expected format (grammar, protocol specification) rather than mutating captured samples

A

Generational Fuzzing
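The block below is an added example (written for this card; not from the page or any fuzzing framework) of why generational fuzzing is called intelligent. The `TLV1` message format, the toy parser and its bug are all constructed for the demo and correspond to no real protocol or product. The parser gates its input with a magic value and an XOR checksum, so a mutation fuzzer that flips bytes of a valid seed never gets past the checksum; the generational fuzzer knows the grammar, always emits a correct checksum, and lies only in the fields it wants to stress (counts and lengths), so it reaches the unchecked-length bug.

```python
"""Added example: generational (grammar-aware) fuzzing versus blind mutation."""
import random
from typing import Optional

MAGIC = b"TLV1"


def xor_checksum(data: bytes) -> int:
    c = 0
    for b in data:
        c ^= b
    return c


def parse(msg: bytes):
    """Toy parser: MAGIC | count(1) | count x [type(1) | len(2, big-endian) | value] | checksum(1)."""
    if len(msg) < 6 or msg[:4] != MAGIC:
        return None                          # not our format: reject cleanly
    body, chk = msg[:-1], msg[-1]
    if xor_checksum(body) != chk:
        return None                          # integrity gate: reject cleanly
    count, off, entries = body[4], 5, []
    for _ in range(count):
        t = body[off]                        # BUG (deliberate): count and len are trusted without
        ln = int.from_bytes(body[off + 1:off + 3], "big")  # bounds checks, so a lying header
        value = body[off + 3:off + 3 + ln]   # raises IndexError (the C version would over-read)
        _last = body[off + 3 + ln - 1] if ln else None      # touch the claimed last value byte
        entries.append((t, value))
        off += 3 + ln
    return entries


def build(entries, claimed_count=None, length_fields=None) -> bytes:
    """Generator that knows the grammar: emits valid messages, or ones with chosen lies."""
    body = bytearray(MAGIC)
    body.append(len(entries) if claimed_count is None else claimed_count)
    for i, (t, value) in enumerate(entries):
        ln = len(value) if length_fields is None else length_fields[i]
        body.append(t)
        body += ln.to_bytes(2, "big")
        body += value
    body.append(xor_checksum(body))          # checksum is always correct: that is the point
    return bytes(body)


def run_one(msg: bytes) -> Optional[str]:
    """Return the exception class name if the parser crashes, else None."""
    try:
        parse(msg)
        return None
    except Exception as exc:                 # any uncaught exception is a finding
        return type(exc).__name__


def mutation_fuzz(seed_msg: bytes, rounds: int, seed: int = 1) -> int:
    """Blind mutation: flip one random bit of a valid seed message per round."""
    rng = random.Random(seed)
    crashes = 0
    for _ in range(rounds):
        m = bytearray(seed_msg)
        m[rng.randrange(len(m))] ^= 1 << rng.randrange(8)
        crashes += run_one(bytes(m)) is not None
    return crashes


def generational_fuzz(rounds: int, seed: int = 1) -> int:
    """Generate from the grammar, picking honest or boundary values for each numeric field."""
    rng = random.Random(seed)
    crashes = 0
    for _ in range(rounds):
        entries = [(rng.randrange(256), rng.randbytes(rng.randrange(0, 8)))
                   for _ in range(rng.randrange(0, 4))]
        claimed = len(entries) if rng.random() < 0.5 else len(entries) + 1
        lengths = [rng.choice([len(v), len(v) + 1, 0xFFFF]) for _, v in entries]
        crashes += run_one(build(entries, claimed, lengths)) is not None
    return crashes
```

Every single-bit mutation of a valid message changes the XOR of the body (or the checksum byte itself), so `mutation_fuzz` scores zero crashes no matter how many rounds it runs; `generational_fuzz` finds `IndexError`s within a handful of messages. Real generational fuzzers (protocol or grammar based) do the same thing at scale: model the format well enough to satisfy its framing, checksums and state machine, then stress the semantics behind them.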

31
Q

Variation in the latency for different packets

A

Jitter
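Jitter is measured, not just defined; the block below is an added example (written for this card, not from the page or any RTP stack) of the interarrival jitter estimator that RTP receivers report per RFC 3550, section 6.4.1, next to the simpler peak-to-peak figure a playout buffer has to absorb. The sample timestamp lists are constructed; only the change in transit time between consecutive packets enters the estimate, so sender and receiver clocks need not be synchronised.

```python
"""Added example: RTP interarrival jitter (RFC 3550) from packet timestamps."""

# Constructed (sent_ms, received_ms) pairs for four packets sent 20 ms apart.
STEADY = [(0, 50), (20, 70), (40, 90), (60, 110)]   # constant 50 ms latency: no jitter
BURSTY = [(0, 50), (20, 75), (40, 88), (60, 112)]   # same path, latency varying 48..55 ms


def transit_deltas(samples):
    """D(i-1, i) = (R_i - R_{i-1}) - (S_i - S_{i-1}): change in one-way transit time."""
    return [(r - rp) - (s - sp) for (sp, rp), (s, r) in zip(samples, samples[1:])]


def interarrival_jitter(samples):
    """Smoothed estimator J = J + (|D| - J) / 16, as an RTP receiver reports it.

    Returns the final estimate and its history; the 1/16 gain filters out single
    outliers so one late packet does not dominate the report.
    """
    j = 0.0
    history = []
    for d in transit_deltas(samples):
        j += (abs(d) - j) / 16
        history.append(j)
    return j, history


def worst_case_jitter(samples):
    """Peak-to-peak latency variation: the depth a de-jitter buffer needs to hide it."""
    latencies = [r - s for s, r in samples]
    return max(latencies) - min(latencies)
```

For `STEADY` both measures are zero even though the latency is a full 50 ms: jitter is about variation, not delay. For `BURSTY` the transit deltas are +5, -7 and +4 ms, the smoothed estimate after three packets is about 0.93 ms, while the peak-to-peak variation is 7 ms.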

32
Q

Suite of specifications maintained by NIST (CVE, CCE, CPE, CVSS, XCCDF and OVAL among them) for expressing and exchanging vulnerability and security configuration information in machine-readable form

A

Security Content Automation Protocol (SCAP)

33
Q

Types of structural coverage

A

Statement, branch or decision, loop, path, and data flow