CH1 Mastering Security Basics Flashcards
True or False:
Confidentiality, integrity, and availability form the CIA security triad, which is a model used to guide an organization’s security principles.
True
Page 2822
What is the security triad described as?
A model used to guide an organization’s security principles.
What is the name of the model used to guide an organization’s security principle’s ?
Security/CIA triad
What factors make up the security triad?
Confidentiality
Integrity
Availability
What does CIA stand for?
Confidentiality
Integrity
Availability
Confidentiality, Integrity, and Availability are factors for what model?
Security/CIA triad
What describes a goal that an organization wants to achieve?
Use case
A use case describes what?
A goal that an organization wants to achieve
What is a common naming convention for a use case?
Verb-noun
Give an example(s) of a well named use case
Place order
Login to system
What common elements make up a use case?
- Actors
- Precondition
- Trigger
- Post condition
- Normal flow
- Alternate flow
Match the elements below with their definitions
- Alternate flow
- Post condition
- Precondition
- Trigger
- Actors
- Normal flow
A. Starts the use case
B. Occurs after the process is triggered
C. General steps a process follows
D. Exception steps a process could follow
E. An entity which performs an action
F. Required to be done before so the process can begin
1, D 2, B 3, F 4, A 5, E 6, C
List a few elements of a use case
- Actors
- Precondition
- Trigger
- Post condition
- Normal flow
- Alternate flow
What does confidentiality do?
Prevents the unauthorized disclosure of data
What is the prevention of unauthorized disclosure of data known as?
Confidentiality
What scrambles data to make it unreadable by unauthorized entities?
Encryption
What does encryption do?
Scrambles data to make it unreadable by unauthorized entities
What does AES stand for?
Advanced Encryption Standard
What does DES stand for?
Data Encryption Standard
List three access control elements
- Identification
- Authentication
- Authorization
What is identification?
Unique attributes that make up an entity
What is Authentication?
The process of determining if an entity is who they claim to be
What is Authorization?
The process of determining what permission an entity has for data and systems
Match the term to the meaning
- Identification
- Authorization
- Authentication
A. The process of determining what permission an entity has for data and systems
B. The unique attributes that make up an entity
C. The process of determining if an entity is who they claim to be
1, B
2, A
3, C
Access controls are used to ______ and ______ access
A. Prevent, Protect
B. Grant, Restrict
C. Prime, Lock
D. Test, Break
B. Grant, Restrict
What is the best way to protect data confidentiality?
Encryption
Choose all answers that are true
Encryption is ____
A. The act of scrambling data to be unreadable to unauthorized users
B. Not used to secure data
C. The best way to protect data confidentiality
D. A protocol only used by hackers
A. The act of scrambling data to be unreadable to unauthorized users
and
C. The best way to protect data confidentiality
What helps to protect confidentiality?
Access controls
______ provides assurance that data has not changed
Integrity
What does integrity provide assurance of?
That data has not changed
Integrity provides assurance that _____ has not ____
Data has not changed
What causes a loss of integrity?
A. Unauthorized change to data
B. Unintended changes
C. System errors
D. All of the above
D. All of the above
List a technique which enforces integrity
Hashing
Hashing is a technique which enforces _____
Integrity
What does SHA stand for with respect to data integrity?
A. Secure Hashing Access
B. Secure Hashing Ability
C. Secure Hashing Availability
D. Secure Hashing Algorithm
D. Secure Hashing Algorithm
What does a hashing algorithm do?
A. Generates a variable length of reversible output
B. Encrypts data using a key
C. Creates a fixed length of irreversible output
D. Obfuscates data
C. Creates a fixed length of irreversible output
How does a hashing algorithm ensure integrity?
A. It doesn’t
B. Comparing hash outputs on the same data during different times. If they match the data has not changed.
B.
True or False:
Hashes identify what has changed in data
False
It can only generate output used for comparison. It does not indicate what differences exist
What are some ways hashing is used to ensure data integrity?
A. Sending/Receiving e-mail
B. Downloading files
C. Uploading files
D. Migrating data
A. Sending/Receiving e-mail
and
B. Downloading files
True or False
Availability means data and services are available when needed.
True
What is used to ensure high levels of availability in organizations?
A. Fault tolerance
B. Encryption
C. Redundancy
D. Hashing
A. Fault tolerance
C. Redundancy
Fault tolerance and ______ are used to ensure high levels of availability
Redundancy
Redundancy and _____ _____ are used to ensure high levels of availability
Fault tolerance
Redundancy adds ____ to critical systems
A. Decoupling
B. Complexity
C. Duplication
D. Encryption
C. Duplication
Duplication is added to critical systems for
A. Reversal
B. Removal
C. Regression
D. Redundancy
D. Redundancy
Fault tolerance is the ability to
A. Prevent disruption in service
B. Manage large loads of data
C. Segregate roles and responsibilities
D. Remove malicious software
A. Prevent disruption in service
A goal of redundancy and fault tolerance is to remove:
A. Worms
B. Viruses
C. Single Points of Failure
D. Spyware
C. Single points of failure
What does SPOF stand for?
Single points of failure
True or False
An SPOF is a failure that causes an entire system failure
True
An SPOF is a failure that causes
A. Minimal outages
B. Intermittent system failure
C. Entire system failure
D. Partial system failure
C. Entire system failure
Match the fault tolerance and redundancy methods with their definitions
- Disk redundancies
- Server redundancies
- Network redundancies
- Power redundancies
A. Multiple communication paths
B. Multiple servers
C. Multiple disks
D. Multiple power sources
1, C
2, B
3, A
4, D
RAID-1, RAID-5, RAID-10, and backups are configurations of which fault tolerance and redundancy method?
A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies
A. Disk redundancies
Failover clusters are configurations of which fault tolerance and redundancy method?
A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies
B. Server redundancies
Load balancing and network interface card teaming are configurations of which fault tolerance and redundancy method?
A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies
C. Network redundancies
Uninterruptible power supplies and power generators are examples of which fault tolerance and redundancy method?
A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies
D. Power redundancies
Scalability and elasticity contribute to ____ ____
A. Low availability
B. Intermittent availability
C. High availability
D. Remote availability
C. High availability
The difference between scalability and elasticity is
A. Scalability is for static configurations and elasticity is for dynamic configurations
B. The amount of hardware required
C. The amount of software required
D. The amount of cost
A. Scalability is for static configurations and elasticity is for dynamic configurations
Scaling up/out ____ resources. Scaling down/in_____ resources
Increases, decreases
Cloud resources typically have _____ capability
A. Static
B. Dormant
C. Elastic
D. Diverse
C. Elastic
Another method of ensuring availability is
A. Encrypting
B. Hashing
C. Authenticating
D. Patching
D. Patching
______ helps systems heal themselves and recover from faults with minimal downtime
Resiliency
True or False
Resiliency methods are similar to high availability methods of redundancy and fault tolerance
True
Resiliency incorporates _______ failed sequences
Retrying
Organizations frequently need to balance resources with _______
A. Data integrity
B. Scalability
C. Security constraints
D. Redundancy
C. Security constraints
Why is there a need to balance resources and security constraints?
A. Costs
B. Time
C. Availability
D. Confidentiality
A. Costs
To implement highest security constraints can be costly and are result in a company not being profitable
_____ is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
A. Resources
B. Redundancy
C. Reputation
D. Risk
D. Risk
Risk is
A. When there are no threats to an exploited vulnerability
B. When all systems are operational with no issues
C. The basics of security
D. When there is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss
D. When there is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss
A ______ is a weakness.
Vulnerability
A vulnerability is known as a ______ in security
Weakness
A ________ is an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
Security incident
True or False
A security incident is an adverse event or series of events that can negativity affect the confidentiality, integrity or availability of an organization’s information technology (IT) systems and data
True
A security event can include which of the following:
A. Intentional attacks
B. Malicious software (malware) infections
C. Accidental data loss
D. All of the above
D. All of the above
_________ reduces the chances that a threat will exploit a vulnerability.
Risk mitigation
Risk mitigation
A. increases the chances that a threat will exploit a vulnerability.
B. has no impact on the chances that a threat will exploit a vulnerability.
C. reduces the chances that a threat will exploit a vulnerability.
D. All of the above
C. reduces the chances that a threat will exploit a vulnerability.
What is used to reduce risk?
A. Containers
B. Constants
C. Controls
D. Contents
C. Controls
True or False
You can’t prevent most threats
True
True or False
You can only reduce the risk of threats
True
