1.1 Flashcards

1
Q

CIA Triad

A

-confidentiality
-availability
-integrity

2
Q

confidentiality

A

Involves using techniques that allow only approved subjects to view information

3
Q

what technique does confidentiality generally use?

A

cryptography

4
Q

what does confidentiality measure?

A

Measures an attacker's ability to get unauthorized access to data or information from an application or system

5
Q

confidentiality info includes:

A

-passwords
-cryptographic keys
-personally identifiable information (PII)
-personal health info (PHI)
-intellectual property (IP)

6
Q

examples of confidentiality:

A
  • Using an IPsec virtual private network (VPN)
  • Leveraging mutual Transport Layer Security (TLS) between a web browser and web server or controller
  • Storing sensitive data or credentials in a mobile device partition or secure enclave
  • Implementing Advanced Encryption Standard (AES) encryption on data at rest in storage (file, block, object, databases, etc.)
7
Q

integrity

A

Involves safeguarding against improper information modification or destruction

Is a property that data or information have not been altered or damaged in an unauthorized way

8
Q

examples of integrity:

A
  • An operating system that performs a mathematical checksum when a file is moved or copied from one volume to another
  • A frame check sequence conducted on an Ethernet frame when sent from one MAC address to another
  • A hashed message authentication code applied to advertisements sent between neighbor systems such as routers or gateways
  • Implementation of a mandatory access control model such as Biba or Clark-Wilson
9
Q

Availability

A

the process of ensuring timely and reliable access to and use of information

10
Q

availability is a property of:

A

data, information, applications, systems, or services that are accessible and usable upon demand by an authorized subject

11
Q

high availability

A

a failover feature to ensure availability during device or component interruptions, both planned and unplanned

12
Q

examples of availability:

A

Implementing security controls that protect systems and services from spoofing, flooding, denial-of-service (DDoS), poisoning, and other attacks that negatively affect the ability to deliver data, content, or services

13
Q

non-repudiation

A

refers to enforcing the inability of a subject to deny that they participated in a digital transaction, agreement, contract, or communication such as an email

14
Q

non-repudiation example:

A

if you take a pen and sign a (legal) contract, your signature is a non-repudiation device

15
Q

what are the 3 components of AAA?

A

-Authentication
-Authorization
-Accounting

16
Q

Authentication

A

the process of validating that an entity (user, application, or system) is who or what they claim to be

-mandatory

17
Q

Authorization

A

the process of granting an authenticated entity permission to access a resource or perform a specific function

-optional

18
Q

Accounting

A

basically: when did the entity begin, when did it end, and how long did it do it?

19
Q

Character mode

A

sends keystrokes and commands (characters) to a network admission device for the purpose of configuration or administration on THAT same device

20
Q

Packet (or network) mode

A

occurs when the network admission device serves as an authentication proxy on behalf of services in other networks such as the web, File Transfer Protocol (FTP), domain name system (DNS), etc.

21
Q

Transmission Control Protocol (TCP)

A

three-way communication handshake before the authentication process

22
Q

Accounting is generally implemented for two use cases:

A
  • Monitoring, visibility, and reporting
  • Billing, chargeback, and reporting
23
Q

Remote Authentication Dial-in User Service (RADIUS)

A

one of the most popular Internet Engineering Task Force (IETF)-based AAA services, and it is known for exceptional accounting capabilities

24
Q

authenticating people

A

confirming that they are who they claim to be

This confirms only those with authorized credentials gain access to secure systems

25
the most common factors for authenticating people:
Usernames/webmail/email and a password
26
The subjects that can also be authenticated besides people are often called "non-person entities" (NPEs):
* Laptops and pads
* Mobile devices
* Gateways and load balancers
* Robotics systems
* Embedded devices
* Internet of Things (IoT) endpoints
27
Endpoint (or device) authentication
a security technique designed to ensure that only authorized devices can connect to a given network, site, or service
28
Endpoint fingerprinting
one way to enable authentication of non-traditional network endpoints such as smart card readers, HVAC systems, medical equipment, and IP-enabled door locks
29
endpoint authentication methods
* A shared secret key stored on endpoints (wireless) or infrastructure devices
* An X.509 v3 device certificate stored in a software application
* A cryptographic key, certificate, or other credential stored at the hardware level in a trusted platform module
* A key stored in a hardware security module (HSM)
* A protected access credential (PAC) in a Cisco infrastructure
30
Authorization model: Discretionary access control (DAC)
grants access control decisions to the resource owners and custodians
**most prone to privilege creep
31
DAC offers:
flexibility and allows resource owners to have fine-grained control over access, but it can also result in inconsistent access control decisions
32
privilege creep
gradual accumulation of access rights beyond what individuals need to do their job
33
Authorization model: Role-based access control (RBAC)
grants access based on predefined roles or job titles. Users are assigned roles, and access rights are associated with these roles
34
examples of RBAC
* Various roles in a hospital or medical center
* Built-in roles in a database management system
35
Authorization model: Mandatory access control (MAC)
a strict mathematical model where access to resources is determined by the system based on predefined security labels and rules
**This is a "non-discretionary" model
36
examples of principals that are assigned security clearances or classification levels:
-top secret
-secret
-confidential
37
Authorization model: Attribute-based access control (ABAC)
grants access based on a combination of characteristics associated with users, resources, and environmental conditions
38
ABAC attributes can include:
* user attributes (job title, department)
* resource attributes (sensitivity level, classification)
* environmental attributes (time of access, location)
39
Authorization model: Attribute-based dynamic access control (ABDAC)
combines the principles of attribute-based access control (ABAC) with dynamic access control (DAC). It considers dynamic factors such as risk assessment, user attributes, resource attributes, and contextual information to make access control decisions in real time
40
Access control rules define:
conditions or criteria that must be met for access to be granted
41
access control rules can be based on several factors:
user attributes, resource attributes, time of access
42
Access decisions are made by:
comparing these rules against the context of the access request – usually IP transport and network layer header metadata
43
security control categories (4):
-technical
-managerial
-operational
-physical
44
technical controls
security mechanisms that specific systems run, either manually or, more often, automated and orchestrated
45
technical controls deliver:
confidentiality, integrity, authenticity, and availability protections
46
common technical controls:
* Identity and access management (IAM) engines
* Infrastructure security and device hardening
* Cryptographic key management and HSMs
* Cloud-based threat modeling tools
* SIEM and SOAR systems
47
managerial (administrative) controls
define policies, procedures, best practices, and guidelines
48
examples of managerial controls
* No piggybacking (tailgating)
* Acceptable use policies
* Best practices and guidelines
* Password policies
* Screening, hiring, and termination procedures
* Mandatory vacations
* Training and awareness
49
operational controls
support ongoing maintenance, due care, and continual improvement
50
examples of operational controls:
* Optimizing the change and configuration management database
* Performing tested patch management
* Conducting awareness and training
* Monitoring physical and environmental controls
* Conducting incident response and disaster planning testing and drills
* Performing software assurance initiatives
* Managing mobile devices and mobile applications on an ongoing basis
51
physical controls
are introduced to protect the campus, facility, environment, and people
52
examples of physical controls
* Various physical barriers
* Guards and security teams
* Cameras and surveillance equipment
* Different types of sensors and alarms
* Locking mechanisms
* Secure safes, cabinets, cages, and areas
* Mantraps and Faraday cages
* Fire detection and suppression systems
* Environmental controls
53
security control types (6):
-Preventative
-Deterrent
-Detective
-Corrective
-Compensating
-Directive
54
Preventative
Stops an attacker from successfully conducting an exploit or advanced persistent threat
55
Deterrent
Discourages an attacker from initiating or continuing an attack
56
Detective
Identifies an attack that is occurring as well as the steps of the kill chain
57
Corrective
Restores a system to its state before the negative event occurred; can simply rectify or correct an identified problem
58
Compensating
Aids controls that are already in place or provides a temporary stopgap solution
59
Directive
Consists of mandatory policies and regulations that are in place to maintain consistency and compliance