All 3 PT's Flashcards

Terms that I didn't recognize

1
Q

SQL injection

A

Type of injection attack where malicious SQL statements are inserted into input fields to manipulate a database
EX: modifying a SQL query through a web form to retrieve sensitive data from a database

2
Q

Cross-Site Scripting (XSS)

A

Type of injection attack where malicious scripts are injected into web pages viewed by other users
EX: injecting a script into a comment field on a website to steal cookies or redirect users

3
Q

Data Sanitization

A

Process of permanently removing sensitive data to protect it from unauthorized access
EX: using specialized software to overwrite data on a hard drive before disposal

4
Q

Zero Day Vulnerability

A

Vulnerability that is unknown to the software vendor or to the public
EX: a flaw in a software app that has been discovered by attackers but not yet patched by the vendor

5
Q

Man in the Middle (MitM)

A

An attack where the attacker intercepts and possibly alters communication between two parties without their knowledge
EX: intercepting unencrypted Wi-Fi traffic to capture login credentials

6
Q

Cluster Computing

A

Refers to a system where multiple interconnected computer nodes work together as a single unit to enhance computational power, reliability and scalability. Used for high-performance tasks, load balancing and ensuring high availability in enterprise environments.

7
Q

White Box Testing

A

Testing approach that examines the internal workings and code of a software app to identify vulnerabilities
EX: source code review, static analysis

8
Q

Bug Bounty Program

A

Cybersecurity initiative where organizations offer rewards to ethical hackers for identifying vulnerabilities in their systems, apps or networks, enhancing security

8
Q

CIAA

A

Confidentiality, Integrity, Availability, Authentication

9
Q

Symmetric Encryption

A

Uses the same key for both encryption and decryption
EX: AES (Advanced Encryption Standard)

10
Q

Asymmetric Encryption

A

Uses a pair of keys (public and private) for encryption and decryption
EX: RSA (Rivest-Shamir-Adleman)

11
Q

Block Cipher

A

Symmetric encryption method that encrypts and decrypts in fixed-size blocks, typically 64 or 128 bits. It uses the same cryptographic key for both processes and applies a series of mathematical transformations to convert plaintext into ciphertext and vice versa. If the plaintext isn't a multiple of the block size, padding is added.

12
Q

Mirror Site

A

Refers to an exact duplicate of an original website or data hosted on a different server or location. Uses:
enhance availability: provides redundancy in case the original site goes offline due to technical issues or disasters
improve performance: reduces server load and improves access speed by distributing traffic across multiple servers
bypass restrictions: allows access to content in regions where the original site may be blocked
disaster recovery: serves as a backup for critical data and services
Mirror sites have different URLs but near-identical content

13
Q

RAID Systems

A

Redundant Array of Independent Disks: data storage technology that combines physical drives into a single logical unit to achieve improved performance, redundancy or both
Used to enhance data availability and fault tolerance
Not a backup solution but a method to reduce downtime

14
Q

Parallel Testing

A

Run both the new and old systems at the same time to make sure the new one performs as expected. Validates functionality, performance and compatibility before fully transitioning to the new system, and makes sure it can handle the workload without disrupting ongoing operations. Commonly applied in disaster recovery or during system upgrades.

15
Q

Which of the following terms refer to the specific laws and regulations set by a country’s government that dictate how the personal data of its citizens should be collected, stored, and processed?

Domain
Security Program Management and Oversight OBJ: 5.4

A

National legal implications

National legal implications are laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy. Consent management is a process that ensures organizations obtain and manage the consent of individuals before collecting or processing their personal data. Data encryption is a method used to protect data from unauthorized access by converting it into a code. The GDPR is a regulation enacted by the European Union to ensure data protection and privacy for all its citizens.