additional cards Flashcards
Credential Service Provider levels, what each level means, what each level provides in terms of confidence
Identity Assurance Level 1 (IAL1) – self assertion, lowest
Identity Assurance Level 2 (IAL2) – proof is required, medium
Identity Assurance Level 3 (IAL3) – requires in-person verification, highest
AAL1 – provides some confidence. …
AAL2 – provides high confidence. …
AAL3 – provides very high confidence.
HAVAL, invented by 3 people, when
HAVAL was invented by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry in 1992.
4th amendment
search and seizure
CVSS scoring, numbers for low, medium, high and critical
CVSS Score Qualitative Rating
0.1 – 3.9 Low
4.0 – 6.9 Medium
7.0 – 8.9 High
9.0 – 10.0 Critical
shimmer attack
aka skimmer, credit card reader device that collects credit card information
most common cause of false positives
improper configuration
enumerate RAM with speed and integrity
static vs dynamic
Static RAM (SRAM)
doesn’t need to refresh and is typically faster, 10 ns, 100 X more expensive, used in consumer electronics, CPUs, HD cache, network cache, scientific devices, automotive devices, keeps memory after power is gone, uses less power, lower capacity, longer data life, lower density, uses transistors, each memory cell stores 1 bit
Dynamic RAM (DRAM)
Synchronous Dynamic RAM (SDRAM)
Single Data Rate Synchronous Dynamic RAM (SDR SDRAM)
Double Data Rate Synchronous Dynamic RAM (DDR SDRAM, DDR2, DDR3, DDR4)
normal RAM for computers, slower, uses capacitors, requires power on for memory to be preserved, volatile and requires refreshing, larger capacity, more power, shorter data life, higher density
main security control of secure password
complexity
when deciding on open vs closed source software what is primary concern
potential for misuse of the software by malicious actors
most important factor to consider when implementing new security protocol
level of security provided
FIRST step that should be taken to address tampering of a company’s critical systems
disconnect affected systems to prevent further damage
What is the difference between a risk assessment and a threat assessment?
A risk assessment is a proactive measure that identifies potential vulnerabilities and the risks associated with them;
a threat assessment is a process that identifies and analyzes the current threats to an organization.
For an effective risk assessment, which activity would be most critical?
accurate identification and cataloging of all assets
Who would decide our organization’s risk appetite?
Risk Management Team
database integrity errors, 4 types
RUDE
Referential integrity - the logical dependency of a foreign key on a primary key
User-defined integrity - acts as a way to catch errors which domain, referential and entity integrity do not
Domain integrity - series of processes that guarantee the accuracy of pieces of data within a domain
Entity integrity - each row of a table has a unique and non-null primary key value
the MOST effective measure for physical security
Implementing strict access control policies
the MOST commonly used logical addressing scheme
IP address
the PRIMARY benefit of virtualization
Increased flexibility
the BEST way to ensure privacy in online transactions
using a VPN
an attacker is using a digraph attack, what is the attacker looking for
A specific pattern in the system’s password structure
the LEAST essential step in the data lifecycle management process
data backup
When considering a transition to SESAME, what should be your primary concern
resistance to change, because Kerberos is native to most operating systems
the PRIMARY indicator that a cryptographic failure has occurred
the appearance of unusual error messages during communication sessions
fastest way to securely access cloud data
A private connection over a dedicated line