Читаем CISSP Practice полностью

A basic and conventional voice telephone system with a wireline (wired) telecommunication connection. POTS contains a POTS coder decoder (CODEC) as a digital audio device and a POTS filter (DSL filter). Three major components of POTS include local loops (analog twisted pairs going into houses and businesses), trunks (digital fiber optics connecting the switching offices), and switching offices (where calls are moved from one trunk to another). A potential risk or disadvantage of POTS is eavesdropping due to physical access to tap a telephone line or penetration of a switch. An advantage of POTS or mobile phone is that they can serve as a backup for PBX and VoIP system during a cable modem outage or DSL line outage.

Plaintext

(1) Data input to the cipher or output from the inverse cipher. (2) Intelligible data that has meaning and can be read, understood, or acted upon without the application of decryption (i.e., plain, clear text, unencrypted text, or usable data). (3) Usable data that is formatted as input to a mode of operation.

Plaintext key

An unencrypted cryptographic key.

Plan of action and milestones (POA&M)

A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

Plan-do-check-act (PDCA) cycle

The PDCA cycle is a core management tool for problem solving and quality improvement. The “plan” calls for developing an implementation plan for initial effort followed by organization-wide effort. The “do” part carries out the plan on a small scale using a pilot organization, and later on a large scale. The “check” part evaluates lessons learned by pilot organization. The “act” part uses lessons learned to improve the implementation.

Platform

(1) A combination of hardware and the most prevalent operating system for that hardware. (2) It is the hardware and systems software on which applications software is developed and operated. (3) It is the hardware, software, and communications required to provide the processing environments to support one or more application software systems. (4) It is the foundation technology (bottom-most layer) of a computer system. (5) It is also referred to the type of computer (hardware) or operating system (software) being used.

Point-to-point network

Adjacent nodes communicating with one another.

Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP) is a character-oriented protocol. It is a data-link framing protocol used to frame data packets on point-to-point lines. It is used to connect a remote workstation over a phone line and to connect home computers to the Internet. The Internet needs PPP for router-to-router traffic and for home user-to-ISP traffic. PPP provides features such as link control protocol (LCP) and network control protocol (NCP). PPP is a multiprotocol framing mechanism for use over modems, HDLC bit-serial lines, and SONET networks. PPP supports error detection, option negotiation, header compression, and reliable transmission using an HDLC. PPP uses byte stuffing on dial-up modem lines, so all frames are an integral number of bytes. PPP is a variant of the HDLC data-link framing protocol and includes PAP, CHAP, and others.

Point-to-Point Tunneling Protocol (PPTP)

A protocol that provides encryption and authentication services for remote dial-up and LAN-to-LAN connections. It has a control session and a data session.

Policy

A document that delineates the security management structure and clearly assigns security responsibilities and lays the foundation necessary to reliably measure progress and compliance.

Policy- Based Access Control (PBAC)

A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, and heuristics).

Policy decision point (PDP)

Mechanism that examines requests to access resources, and compares them to the policy that applies to all requests for accessing that resource to determine whether specific access should be granted to the particular requester who issued the request under consideration.

Policy enforcement point (PEP)

Mechanism (e.g., access control mechanism of a file system or Web server) that actually protects (in terms of controlling access to) the resources exposed by Web services.

Polyinstantiation

Polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels.

Polymorphism