Ch. 5 - Security Operations Flashcards
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum
B. Asymmetric Encryption
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum
D. Checksum
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.
A. Plaintext
B. Ciphertext
C. Classified
D. Cipher Script
B. Ciphertext
A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
Consists of the following: Identification, Baseline, Change Control, and Verification & Audit.
A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management
C. Configuration Management
It is the process of converting a ciphertext message back
into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption).
A. Encryption
B. Decryption
C. Encapsulation
D. Decapsulation
B. Decryption
The process and act of converting the message from its plaintext to ciphertext.
A. Encryption
B. Decryption
C. Encapsulation
D. Decapsulation
A. Encryption
A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system,
web server, application server, application, etc. Normally performed based on industry guidelines and benchmarks.
A. Patching
B. Hacking
C. Hashing
D. Hardening
D. Hardening
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hashing
D. Checksum
C. Hashing
Source CNSSI 4009-2015
The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.
A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management
D. Patch Management
Source: CNSSI 4009
A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective.
A. Plaintext
B. Ciphertext
C. Classified
D. Cipher Script
A. Plaintext
The first stage of change management, wherein a change in procedure or product is sought by a stakeholder.
A. Rollback
B. Request for Change (RFC)
C. Approval
D. Request to Modify (RTM)
B. Request for Change (RFC)
Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building.
A. Hacking
B. Impersonating
C. Social Engineering
D. Phishing
C. Social Engineering
An algorithm that uses the same key in both the encryption and the decryption processes.
A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum
A. Symmetric Encryption
Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.
A. Whaling
B. Spear Phishing
C. Snarfing
D. Vishing
A. Whaling
Which process consists of the following components:
Request for Change, Approval, and Rollback
A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management
A. Change Management