Sunday, March 8, 2009

CISSP concept study 1

1. What are some examples of detective access controls?

Security guards, supervising users, incident investigations, and intrusion detection systems.


2. What are some examples of physical access controls?

Guards, fences, motion detectors, locked doors, sealed windows, lights, backups, cable protection, laptop locks, swipe cards, dogs, CCTV, mantraps, and alarms.


3. What are the three commonly recognized authentication factors?

Something you know, something you have, and something you are.


4. What is a cognitive password?

A series of questions about facts or predefined responses that only the subject should know (for example, what is your birth date? What is your mother's maiden name?).


5. Name at least eight biometric factors.

Fingerprints, face scans, iris scans, retina scans, palm topography, palm geography, heart/pulse pattern, voice pattern, signature dynamics, keystroke patterns.


palm topography, palm geography: I don't know what would be a good way to translate these.


6. What are the issues related to user acceptance of biometric enrollment and throughput rate?

Enrollment times longer than two minutes are unacceptable; subjects will typically accept a throughput rate of about six seconds or faster.

7. What access control technique employs security labels?

Mandatory access controls. Subjects are labeled as to their level of clearance. Objects are labeled as to their level of classification or sensitivity.


8. The Bell-LaPadula, Biba, and Clark-Wilson access control models were all designed to protect a single aspect of security. Name the corresponding aspect for each model.

Bell-LaPadula protects confidentiality; Biba and Clark-Wilson protect integrity.


9. Name the three types of subjects and their roles in a security environment.

The user accesses objects on a system to perform a work task; the owner is liable for protection of data; the data custodian classifies and protects data.


10. Explain why the separation of duties and responsibilities is a common security practice.

It prevents any single subject from being able to circumvent or disable security mechanisms.


11. What is the principle of least privilege?

Subjects should be granted only the amount of access to objects that is required to accomplish their assigned work tasks.


12. Name the four key principles upon which access control relies.

Identification, authentication, authorization, accountability.


13. How are domains related to decentralized access control?

A domain is a realm of trust that shares a common security policy. This is a form of decentralized access control.


14. Why is monitoring an important part of a security policy?

Monitoring is used to watch for security policy violations and to detect unauthorized or abnormal activities.


15. What are the functions of an intrusion detection system (IDS)?

An IDS automates the inspection of audit logs and real-time system events, detects intrusion attempts, and watches for violations of confidentiality, integrity, and availability.


16. What are the pros and cons of a host-based IDS?

It can pinpoint resources compromised by a malicious user.

It can't detect network-only attacks or attacks on other systems, has difficulty detecting DoS attacks, and can be detected by intruders.


17. What are the pros and cons of a network-based IDS?

It can monitor a large network and can be hardened against attack. It may be unable to handle large data flows, doesn't work well on switched networks, and can't pinpoint compromised resources.

"can be hardened against attack" -- its ability to withstand attacks is relatively strong, compared with a host-based IDS


18. What are the differences between the knowledge-based and behavior-based detection methods used by an IDS?

Knowledge-based detection uses a signature database and tries to match monitored events to that database.

Behavior-based detection learns about the normal activities on your system through watching and learning.


19. What is a honey pot, and what is it used for?

Honey pots are fake networks used to lure intruders in order to create sufficient audit trails for tracking them down and prosecuting. Honey pots contain no real or sensitive data.


20. How does penetration testing improve your system's security?

Penetration testing is a good way to accurately judge the security mechanisms deployed by an organization.


21. What is a denial-of-service attack?

An attack that prevents the system from receiving, processing, or responding to legitimate traffic or requests for resources and objects.


22. What is a spoofing attack?

The attacker pretends to be someone or something other than who or what they are.

They often replace the valid source and/or destination IP address and node numbers with false ones.


23. What are countermeasures to spoofing attacks?

Countermeasures to spoofing attacks include patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks.


24. What is a man-in-the-middle attack?

An attack in which a malicious user is positioned between the two endpoints of a communications link.


25. What is a replay or playback attack?

It is similar to hijacking.

A malicious user records the traffic between a client and a server and then retransmits it to the server with slight variations of the time stamp and source IP address.


Of course, many thanks to Google Translate for the help. ^_^
