1.2 Flashcards

1
Q

Confidentiality

A

Ensures info is accessible only to authorized personnel
- protects personal privacy
- to maintain a business advantage
- to achieve regulatory compliance

2
Q

Integrity

A

Ensures data remains accurate and unaltered (checksums)
- maintain trust
- to ensure system operability

3
Q

Availability

A

Ensures info and resources are accessible when needed

4
Q

non-repudiation

A

guarantees that an action or event cannot be denied by the involved parties

5
Q

What are ways to achieve confidentiality

A
  • Access Controls
  • Encryption
  • Data Masking
  • Physical Security Measures
    • making sure paper is stored in proper location
  • Training and Awareness
6
Q

What are ways to achieve integrity

A

Hashing
digital signatures
access controls (ensure only authorized users can modify data)
regular audits (ensure only authorized changes have been made)

7
Q

What are ways to ensure availability?

A

redundancy
- Server, Data, Network, Power

8
Q

5 commonly used authentication methods?

A

Something you know (knowledge factor)
Something you are
Something you have
Somewhere you are
Something you do

9
Q

authentication is important why?

A

To prevent unauthorized access
To protect user privacy

10
Q

Authorization

A
  • pertains to the permissions and privileges granted to users or entities after they have been authenticated
11
Q

Accounting

A

A security measure to track all user activities

12
Q

Why is accounting important?

A

To create an audit trail
maintain regulatory compliance
perform resource optimization
achieve user accountability

13
Q

What tools are used for accounting?

A

syslog servers
network analysis tools
SIEM systems

14
Q

Gap Analysis

A

Process of evaluating the differences between an org's current state and desired performance

15
Q

Types of Gap analysis?

A

Technical - evaluating an org's current technical infrastructure and identifying where it falls short
Business - involves evaluating an org's business processes

16
Q

POA&M

A

Plan of action and milestones
outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task

17
Q

Zero Trust

A

demands verification for every device, user, and transaction within the network

18
Q

Zero Trust Control Plane

A

The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access
adaptive identity
threat scope reduction
policy driven access control
secured zones

19
Q

Adaptive Identity

A

relies on real-time validation of the user

20
Q

Threat Scope Reduction

A

limits the user’s access to only what they need for their work tasks because this reduces their attack surface

21
Q

policy driven access control

A

entails developing, managing, and enforcing user access policies based on their roles and responsibilities

22
Q

secured zones

A

isolated environments within a network to house sensitive data

23
Q

Zero Trust Data Plane

A

Ensures policies are properly executed

24
Q

Policy Engine

A

cross-references the access request with predefined policies

25
Q

policy admin

A

used to establish and manage the access policies

26
Q

policy enforcement point

A

where the decision to grant or deny access is actually executed

27
Q

TTPs

A

Tactics, Techniques, and Procedures that are specific to a threat actor

28
Q

Honeypot

A

used to gain information about how a threat actor attacks a system. It is a decoy system or network set up to attract hackers. It can log data on their successful and unsuccessful attacks

29
Q

Honeynet

A

network of honeypots

30
Q

Honeyfile

A

decoy file with fake data. An alert can be triggered when the file is opened

31
Q

honeytoken

A

a piece of data with no legitimate value that is monitored for access and use. Any interaction would be suspicious. You can name something "root account" and see if someone attempts to access it

32
Q

What is the purpose of bogus DNS entries?

A

This is a fake domain that will waste an attacker's time and resources

33
Q

What is the purpose of dynamic page generation for disruption?

A

Used in websites to present ever-changing content to web crawlers and confuse or slow a threat actor

34
Q

Port Triggering

A

security mechanism where specific services or ports on a network remain closed until a specific outbound traffic pattern is detected

35
Q

What is the purpose of spoofing fake telemetry data?

A

when a system detects that a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry data

36
Q

Bollard

A

short, sturdy vertical posts to prevent vehicle access

37
Q

Brute force attack

A

forcible entry, tampering with devices, confronting security personnel or ramming a vehicle into a barrier

38
Q

Access control vestibule

A

double-door system, electronically controlled to allow only one door at a time to be opened and closed

39
Q

tailgating

A

an unauthorized person follows an unknowing authorized person

40
Q

Video Surveillance can include the following?

A

Motion detection
night vision
facial recognition

41
Q

PTZ System

A

can move a camera or its angle to better detect issues during an intrusion

42
Q

Types of sensors?

A

infrared, microwave, pressure, ultrasonic

43
Q

What types of badges can be used with access control vestibules?

A

RFID, NFC (near-field communication), and magnetic strips

44
Q

Door lock types

A

Electronic (require identification number, wireless signals like Bluetooth, biometric)
Cipher lock - most secure mechanical lock

45
Q

FAR

A

False acceptance rate, someone unauthorized is let in

46
Q

FRR

A

False rejection rate, someone authorized is blocked

47
Q

CER

A

crossover error rate

48
Q

a balance between FAR and FRR

A