Reading CISSP Practice in full

Polymorphism refers to being able to apply a generic operation to data of different types. For each type, a different piece of code is defined to execute the operation. In the context of object systems, polymorphism means that an object’s response to a message is determined by the class to which it belongs.

Pop-up window

A standalone Web browser pane that opens automatically when a Web page is loaded or a user performs an action designed to trigger a pop-up window.

Port

(1) A physical entry or exit point of a cryptographic module that provides access to the module for physical signals represented by logical information flows (physically separated ports do not share the same physical pin or wire). (2) An interface mechanism (e.g., a connector, a pin, or a cable) between a peripheral device (e.g., terminal) and the CPU.

Port protection device (PPD)

A port protection device is fitted to a communication port of a host computer and authorizes access to the port itself, prior to and independent of the computer’s own access control functions.

Port scanner

A program that can remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

Portal

A high-level remote access architecture that is based on a server that offers teleworkers access to one or more application systems through a single centralized interface.

Portal VPN

A single standard secure socket layer (SSL) connection to a website to secure access to multiple network services.

Portfolio management

It refers to activities related to the management of IT resources, as one would manage investments in a stock portfolio. The IT portfolio facilitates the alignment of technology investments with business needs and focuses on mitigating IT investment risks.

Ports

Ports are commonly used to gain information or access to computer systems. Well-known port numbers range from 0 through 1,023, whereas registered port numbers run from 1,024 through 49,151. When a service is requested from unknown callers, a service contact port (well-known port) is defined.

Possession and control of a token

The ability to activate and use the token in an authentication protocol.

Post office protocol (POP)

A standard protocol used to receive electronic mail from a server. It is a mailbox access protocol defined by IETF RFC 1939 and is one of the most commonly used mailbox access protocols.

Potential impact

The loss of confidentiality, integrity, or availability could be expected to have (1) a limited adverse effect (low), (2) a serious adverse effect (moderate), or (3) a severe or catastrophic adverse effect (high) on organizational operations, systems, assets, individuals, or other organizations.

Power monitoring attack

An attack that uses the varying levels of power consumption by the hardware during computations. It is a general class of side-channel attack (Wikipedia).

Pre-activation state

A cryptographic key lifecycle state in which a key has not yet been authorized for use.

Pre-boot authentication (PBA)

The process of requiring a user to authenticate successfully before decrypting and booting an operating system.

Precursor

(1) A sign that a malware attack may occur in the future. (2) A sign that an attacker may be preparing to cause an incident.

Pre-message secret number

A secret number that is generated prior to the generation of each digital signature.

Presentation layer

The portion of the ISO/OSI reference model responsible for adding structure to the data units that are exchanged.

Pre-shared key

Single key used by multiple IPsec endpoints to authenticate endpoints to each other.

Pretexting

Impersonating others to gain access to information that is restricted. Synonymous with social engineering.

Pretty Good Privacy (PGP)

(1) A standard program for securing e-mail and file encryption on the Internet. Its public-key cryptography system allows for the secure transmission of messages and guarantees authenticity by adding digital signatures to messages. (2) A cryptographic software application for the protection of computer files and electronic mail. (3) It combines the convenience of the Rivest-Shamir-Adleman (RSA) public-key algorithm with the speed of the secret-key IDEA algorithm, digital signature, and key management.

Preventive controls

Actions taken to deter undesirable events and incidents from occurring in the first place.

Preventive maintenance

Computer hardware and related equipment maintained on a planned basis by the manufacturer, vendor, or third party to keep them in a continued operational condition.

Prime number generation seed
