Authentication, authorization, and accounting

Question 1

Access controls:

Answer 1

Security controls that manage access, authorization, and accountability of information

Question 2

Application programming interface (API) token

Answer 2

A small block of encrypted code that contains information about a user

Question 2

Asymmetric encryption:

Answer 2

The use of a public and private key pair for encryption and decryption of data

Question 2

Algorithm:

Answer 2

A set of rules used to solve a problem

Question 3

Basic auth

Answer 3

The technology used to establish a user’s request to access a server

Question 4

Bit:

Answer 4

The smallest unit of data measurement on a computer

Question 5

Brute force attack:

Answer 5

The trial and error process of discovering private information

Question 6

Cipher:

Answer 6

An algorithm that encrypts information

Question 7

Cryptographic key:

Answer 7

A mechanism that decrypts ciphertext

Question 8

Cryptography:

Answer 8

The process of transforming information into a form that unintended readers can’t understand

Question 9

Encryption:

Answer 9

The process of converting data from a readable format to an encoded format

Question 9

Data owner:

Answer 9

The person that decides who can access, edit, use, or destroy their information

Question 10

Hash function:

Answer 10

An algorithm that produces a code that can’t be decrypted

Question 10

Data custodian:

Answer 10

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

Question 11

Digital certificate:

Answer 11

A file that verifies the identity of a public key holder

Question 12

Hash collision:

Answer 12

An instance when different inputs produce the same hash value

Question 12

Identity and access management (IAM):

Answer 12

A collection of processes and technologies that helps organizations manage digital identities in their environment

Question 13

Hash table:

Answer 13

A data structure that’s used to store and reference hash values

Question 13

Information privacy:

Answer 13

The protection of unauthorized access and distribution of data

Question 14

Non-repudiation:

Answer 14

The concept that the authenticity of information can’t be denied

Question 15

Multi-factor authentication (MFA):

Answer 15

A security measure that requires a user to verify their identity in two or more ways to access a system or network

Question 15

OAuth:

Answer 15

An open-standard authorization protocol that shares designated access between applications

Question 16

Payment Card Industry Data Security Standards (PCI DSS):

Answer 16

A set of security standards formed by major organizations in the financial industry

Question 17

Personally identifiable information (PII):

Answer 17

Any information used to infer an individual’s identity

Question 17

Protected health information (PHI):

Answer 17

Information that relates to the past, present, or future physical or mental health or condition of an individual

Question 17

Principle of least privilege:

Answer 17

The concept of granting only the minimal access and authorization required to complete a task or function

Question 17

Public key infrastructure (PKI):

Answer 17

An encryption framework that secures the exchange of online information

Question 18

Rainbow table:

Answer 18

A file of pre-generated hash values and their associated plaintext

Question 19

Salting:

Answer 19

An additional safeguard that’s used to strengthen hash functions

Question 20

Security assessment:

Answer 20

A check to determine how resilient current security implementations are against threats

Question 21

Security audit:

Answer 21

A review of an organization’s security controls, policies, and procedures against a set of expectations

Question 22

Security controls

Answer 22

Safeguards designed to reduce specific security risks

Question 23

Separation of duties

Answer 23

The principle that users should not be given levels of authorization that would allow them to misuse a system

Question 24

Session ID:

Answer 24

A unique token that identifies a user and their device while accessing a system

Question 24

Session:

Answer 24

A sequence of network HTTP basic auth requests and responses associated with the same user

Question 24

Session cookie:

Answer 24

A token that websites use to validate a session and determine how long that session should last

Question 25

Session hijacking:

Answer 25

An event when attackers obtain a legitimate user’s session ID

Question 26

Single Sign-On (SSO):

Answer 26

A technology that combines several different logins into one

Question 27

Symmetric encryption:

Answer 27

The use of a single secret key to exchange information

Question 28

User provisioning:

Answer 28

The process of creating and maintaining a user’s digital identity