1. Mastering Security Basics Flashcards

1
Q

Use Case​

A

a goal that an organization wants to achieve.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

CIA Security Triad

A

Confidentiality, Integrity, and Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Confidentiality

A

prevents the unauthorized disclosure of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Encryption

A

scrambles data to make it unreadable by unauthorized personnel.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the three Access Controls?

A

identification, authentication, authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Steganography

A

practice of hiding data in data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Integrity

A

provides assurances that data has not changed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Hash

A

a number created by executing a hashing algorithm against data, such as a file or a message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The 3 MAC’s

A

media access control

mandatory access control

message authentication code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What’s that acronym?

PKI

A

public key infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Availability

A

idicates that data and services are available when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Risk

A

is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Vulnerability

A

is a weakness

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Threat

A

is any circumastance or event that has the potential to compromise confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Security Incident

A

is an adverse event or series of events that can negatively affect the condifentiality, integrity, or availability of an organization’s informatation technology systems and data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Risk Mitigation

A

reduces the chances that a threat will exploit a vunerability., or reduces the impact of the risk, by implementing security controls.

17
Q

Technical controls and the 6 common types?

A

use technology to reduce vulnerabilities.

Common types:

Encryption

Antivirus Software

Intrusion detection systems (IDSs) and Intruson Prevention Systems (IPSs)

Firewalls

Least Privilege

18
Q

Administration Controls and common types?

A

use methods mandated by organizational policies or other guidlelines.

Also known as Operational Controls

Risk assessments

Vulnerability assessments

Penetrative tests

Awarness and training

Configuration and change managment

Contingency training

Media Protection (physical media)

Physical and enviromental protection

19
Q

Physical Controls

A

are any controls that you can physically touch.

Lighting

Signs

Fencing

Security guard

etc

20
Q

Preventive Controls

A

to prevent security incidents.

Hardening

Security Awareness and training

Security Guards

Change Managment

Account Disablement policy

21
Q

Hardening

A

is the practice of making a system or application more secure than its default configuration.

22
Q

Detective Controls and some common types?

A

attempt to detect when vulnerabilities have been exploited, resulting in a security incident.

Log monitoring

Trend analysis

Security audit

Video surveillance

Motion detection

23
Q

What’s that acronym?

IDS

A

intrusion detection system

24
Q

What’s that acronym?

CCTV

A

closed-circuit television

25
Q

Corrective controls and some common exaples?

A

attempt to reverse the impact of an incident or problem after it has occured.

IPS

Backups and system recovery

26
Q

What’s the acronym?

IPS

A

intrusion prevention system

27
Q

Deterrent controls and some common examples?

A

attempt to discourage a threat.

Many of these controls can also be preventative controls

Cable locks

Hardware locks

28
Q

Compensating controls

A

are alternative controls used instead of a primary control.

TPOTP

29
Q

What’s that acronym?

TOTP

A

Time-based One-Time Password

30
Q

Type I Hypervisors

A

run directly on the system hardware

31
Q

Type II Hypervisors

A

run as software within a host operating system.

32
Q

Kernal

A

central part of the operating system.

33
Q

What’s that acronym?

VM

A

Virtual Machine

34
Q

What’s the acronym?

NIC

A

Network interface card