100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
ISC2 - CC EXAM (QUESTIONS WITH 100% CORRECT ANSWERS ) Latest 2024 $11.09   Add to cart

Exam (elaborations)

ISC2 - CC EXAM (QUESTIONS WITH 100% CORRECT ANSWERS ) Latest 2024

 4 views  0 purchase
  • Course
  • Institution

ISC2 - CC EXAM (QUESTIONS WITH 100% CORRECT ANSWERS ) Application Server A computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2 Asymmetric Encryption An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext. Checks...

[Show more]

Preview 3 out of 17  pages

  • April 18, 2024
  • 17
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
ISC2 - CC EXAM (QUESTIONS WITH 100%
CORRECT ANSWERS )
Application Server
A computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2


Asymmetric Encryption
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.


Checksum
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data,
against which later comparisons can be made to detect errors in the data.


Ciphertext
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients.
In other words, it has been turned into a secret.


Classification
Classification identifies the degree of harm to the organization, its stakeholders or others that might
result if an information asset is divulged to an unauthorized person, process or organization. In short,
classification is focused first and foremost on maintaining the confidentiality of the data, based on the
data sensitivity.


Configuration management
A process and discipline used to ensure that the only changes made to a system are those that have
been authorized and validated.


Cryptanalyst
One who performs cryptanalysis which is the study of mathematical techniques for attempting to
defeat cryptographic techniques and/or information systems security. This includes the process of
looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.


Cryptography
The study or applications of methods to secure or protect the meaning and content of messages, files,
or other information, usually by disguise, obscuration, or other transformations of that content and
meaning.


Data Loss Prevention (DLP)
System capabilities designed to detect and prevent the unauthorized use and transmission of
information.


Decryption
The reverse process from encryption. It is the process of converting a ciphertext message back into
plaintext through the use of the cryptographic algorithm and the appropriate key for decryption
(which is the same for symmetric encryption, but different for asymmetric encryption). This term is
also used interchangeably with the "deciphering."

,Degaussing
A technique of erasing data on disk or tape (including video tapes) that, when performed properly,
ensures that there is insufficient magnetic remanence to reconstruct data.


Digital Signature
The result of a cryptographic transformation of data which, when properly implemented, provides the
services of origin authentication, data integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1


Egress Monitoring
Monitoring of outgoing network traffic.


Encryption
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also
referred to as enciphering. The two terms are sometimes used interchangeably in literature and have
similar meanings.


Encryption System
The total set of algorithms, processes, hardware, software, and procedures that taken together
provide an encryption and decryption capability.


Hardening
A reference to the process of applying secure configurations (to reduce the attack surface) and locking
down various hardware, communications systems, and software, including operating system, web
server, application server, application, etc. Hardening is normally performed based on industry
guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS).


Hash Function
An algorithm that computes a numerical value (called the hash value) on a data file or electronic
message that is used to represent that file or message and depends on the entire contents of the file
or message. A hash function can be considered to be a fingerprint of the file or message. NIST SP 800-
152


Hashing
The process of using a mathematical algorithm against data to produce a numeric value that is
representative of that data. Source CNSSI 4009-2015


Information Sharing
The requirements for information sharing by an IT system with one or more other IT systems or
applications, for information sharing to support multiple internal or external organizations, missions,
or public programs. NIST SP 800-16


Ingress Monitoring
Monitoring of incoming network traffic.


Message Digest

, A digital signature that uniquely identifies data and has the property such that changing a single bit in
the data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3


Operating System
The software "master control application" that runs the computer. It is the first program loaded when
the computer is turned on, and its main component, the kernel, resides in memory at all times. The
operating system sets the standards for all application programs (such as the Web server) that run in
the computer. The applications communicate with the operating system for most user interface and
file management operations. NIST SP 800-44 Version 2


Patch
A software component that, when installed, directly modifies files or device settings related to a
different software component without changing the version number or release details for the related
software component. Source: ISO/IEC 19770-2


Patch Management
The systematic notification, identification, deployment, installation and verification of operating
system and application software code revisions. These revisions are known as patches, hot fixes, and
service packs. Source: CNSSI 4009


Plaintext
A message or data in its natural format and in readable form; extremely vulnerable from a
confidentiality perspective.


Records
The recordings (automated and/or manual) of evidence of activities performed or results achieved
(e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the
information system are performing as intended. Also used to refer to units of related data fields (i.e.,
groups of data fields that can be accessed by a program and that contain the complete set of
information on particular items). NIST SP 800-53 Rev. 4


Records Retention
A practice based on the records life cycle, according to which records are retained as long as
necessary, and then are destroyed after the appropriate time interval has elapsed.


Remanence
Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1


Request for change (RFC)
The first stage of change management, wherein a change in procedure or product is sought by a
stakeholder.


Security Governance
The entirety of the policies, roles, and processes the organization uses to make security decisions in
an organization.


Social engineering

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ACADEMICAIDSTORE. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $11.09. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75057 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$11.09
  • (0)
  Add to cart