Chapter 1: Confidentiality, Integrity, Availability, and Non-repudiation Flashcards

Understand the Security Concepts of Information Assurance

1
Q

What are the three main goals of the CIA Triad?

A
  • Confidentiality
  • Integrity
  • Availability
2
Q

{BLANK} ensures that only authorized individuals have access to information and resources.

A

Confidentiality

3
Q

What are the major threats to confidentiality?

A
  • Snooping
  • Dumpster Diving
  • Eavesdropping
  • Wiretapping
  • Social Engineering
4
Q

The individual engaging in {BLANK} wanders around your office or other facility and simply looks to see what information they can gather.

A

Snooping

5
Q

What can organizations do to protect against snooping?

A

Enforce a clean desk policy

6
Q

{BLANK} attacks also look for sensitive materials, but the attacker doesn't walk around the office; instead, they look through the trash, trying to find sensitive documents that an employee threw in the garbage or recycling bin.

A

Dumpster Diving

7
Q

What can organizations do to protect against dumpster diving?

A

Use a paper shredder for sensitive documents.

8
Q

What are the two types of eavesdropping?

A
  • Physical
  • Electronic
9
Q

In a physical eavesdropping attack, the attacker simply positions themselves where they can overhear conversations, such as in a cafeteria or hallway, and then listens for sensitive information.

How can an organization protect against this type of attack?

A

By putting rules in place limiting where sensitive conversations may take place.

10
Q

Electronic eavesdropping attacks are also known as wiretapping. They occur when an attacker gains access to a network and monitors the data being sent electronically within an office.

What can an organization do to protect against this type of attack?

A

They can use encryption to protect information being sent over the network.

11
Q

In a {BLANK} attack, the attacker uses psychological tricks to persuade an employee to give them sensitive information or access to internal systems.

A

Social Engineering

12
Q

What is the best defense against social engineering?

A

The best defense against this attack is educating users to recognize the dangers of social engineering and empowering them to intervene when they suspect an attack is taking place.

13
Q

{BLANK} means there aren’t any unauthorized changes to information.

A

Integrity

14
Q

What are the major threats to integrity?

A
  • Unauthorized modification of information
  • Impersonation attacks
  • Man-in-the-middle (MitM) attacks
  • Replay attacks
15
Q

The {BLANK} occurs when an attacker gains access to a system and makes changes that violate a security policy.

A

Unauthorized Modification of Information

16
Q

What is the best way to protect against unauthorized modification of information?

A

Following the principle of least privilege.

Organizations should carefully consider the permissions that each employee needs to perform their job and then limit employees to the smallest set of permissions possible.

17
Q

In an {BLANK} attack, the attacker pretends to be someone other than who they actually are.

The best defense against these attacks is strong user education.

A

Impersonation

18
Q

Sometimes impersonation attacks are electronic. In a {BLANK}, the attacker intercepts network traffic as a user is logging into a system and pretends to be that system. They then sit in the middle of the communication, relaying information between the user and the system while they monitor everything that is occurring.

A

Man-in-the-middle (MitM) attack

19
Q

In a {BLANK}, the attacker doesn’t get in the middle of the communication but finds a way to observe a legitimate user logging into a system. They then capture the information used to log in to the system and later replay it on the network to gain access.

A

Replay attack

20
Q

What is the best defense against replay and MitM attacks?

A

The use of encryption to protect communications.
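
Added example, not part of the original flashcards: a small Go simulation of the replay attack from card 19 and the defense from card 20. The first server accepts a static credential, so the bytes an eavesdropper captured on the wire log in again unchanged. The second server hands out a single-use random nonce and expects HMAC-SHA256(secret, nonce) in return; the captured answer is bound to a nonce that has already been consumed, so the replay is refused. The encryption the card refers to (TLS, for example) does this work in practice: it hides the credential from a wiretap, authenticates the server so a man-in-the-middle cannot stand in for it, and ties each session to fresh random values so recorded traffic cannot be replayed. The shared secret, server types and message formats here are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Constructed credential shared between the user and the server (hypothetical).
var userSecret = []byte("correct horse battery staple")

// NaiveServer accepts a static credential. Whatever the user sent on a
// successful login works again verbatim, so anything an eavesdropper
// captured from an unencrypted session can simply be replayed.
type NaiveServer struct{ secret []byte }

func (s *NaiveServer) Login(credential []byte) bool {
	return subtle.ConstantTimeCompare(credential, s.secret) == 1
}

// ChallengeServer issues a single-use random nonce per login attempt and
// expects HMAC(secret, nonce) back. A captured response is bound to a nonce
// that has already been consumed, so replaying it fails.
type ChallengeServer struct {
	secret  []byte
	pending map[string]bool // nonces issued but not yet used
}

func NewChallengeServer(secret []byte) *ChallengeServer {
	return &ChallengeServer{secret: secret, pending: make(map[string]bool)}
}

// Challenge returns a fresh 16-byte random nonce, hex encoded, and remembers it.
func (s *ChallengeServer) Challenge() string {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	nonce := hex.EncodeToString(n)
	s.pending[nonce] = true
	return nonce
}

// Respond is what the legitimate client computes from the nonce and its secret.
func Respond(secret []byte, nonce string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(nonce))
	return mac.Sum(nil)
}

// Login verifies the response for this nonce and consumes the nonce, so a
// second presentation of the same (nonce, response) pair is rejected.
func (s *ChallengeServer) Login(nonce string, response []byte) bool {
	if !s.pending[nonce] {
		return false // unknown or already-used nonce: treat as a replay
	}
	delete(s.pending, nonce)
	return hmac.Equal(response, Respond(s.secret, nonce))
}

// ReplayAgainstNaive: an eavesdropper captures one login and reuses it.
func ReplayAgainstNaive() (first, replay bool) {
	srv := &NaiveServer{secret: userSecret}
	captured := append([]byte(nil), userSecret...) // what the sniffer saw on the wire
	first = srv.Login(captured)
	replay = srv.Login(captured)
	return
}

// ReplayAgainstChallenge: the same capture against the nonce-bound server.
func ReplayAgainstChallenge() (first, replay bool) {
	srv := NewChallengeServer(userSecret)
	nonce := srv.Challenge()
	capturedResp := Respond(userSecret, nonce) // sniffed legitimate response
	first = srv.Login(nonce, capturedResp)
	replay = srv.Login(nonce, capturedResp)
	return
}

func main() {
	f, r := ReplayAgainstNaive()
	fmt.Printf("static credential: first login %v, replay %v\n", f, r)
	f, r = ReplayAgainstChallenge()
	fmt.Printf("nonce + HMAC:      first login %v, replay %v\n", f, r)
}
```

Note that the nonce alone only defeats replay; it does not stop an active man-in-the-middle who relays the challenge and response in real time. That requires the client to authenticate the server as well (the server certificate check in TLS), which is why the card's answer, encryption of the whole session, covers both attacks.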

21
Q

{BLANK} controls ensure that information and systems remain available to authorized users when needed. They protect against disruptions to normal system operation or data availability.

A

Availability

22
Q

What are the major threats to availability?

A
  • Denial-of-service attacks
  • Power outages
  • Hardware Failures
  • Destruction of Equipment
  • Service Outages
23
Q

A {BLANK} occurs when a malicious individual bombards a system with an overwhelming amount of network traffic.

A

Denial-of-Service (DoS) attack

24
Q

How can an organization protect its systems against a DoS attack?

A

By using firewalls that block illegitimate requests and by partnering with your Internet service provider to block DoS attacks before they reach your network.

25
Q

What can an organization do to protect against power outages?

A

By having redundant power sources and backup generators that supply power to your systems when commercial power is not available.

26
Q

What can an organization do to protect against hardware failures?

A

By building a system that has built-in redundancy so that if one component fails, another is ready to pick up the slack.

27
Q

What can an organization do to protect against destruction of equipment?

A

They can protect against small-scale destruction with redundant systems; for large-scale disasters, they can maintain backup data centers in remote locations or in the cloud that keep running when the primary data center is disrupted.

28
Q

What can an organization do to protect against service outages?

A

By building systems that are resilient in the face of errors and hardware failures.

29
Q

{BLANK} is a security goal that prevents someone from falsely denying that something is true.

A

Non-repudiation

30
Q

The {BLANK} references the three main goals of information security: confidentiality, integrity, and availability.

A

CIA Triad

31
Q

{BLANK} protects sensitive information from unauthorized access.

A

Confidentiality

32
Q

{BLANK} protects information and systems from unauthorized modification.

A

Integrity

33
Q

{BLANK} ensures that authorized users have access to information when they need it.

A

Availability

34
Q

{BLANK} uses technical measures to ensure that a user is not able to later deny they took some action.

A

Non-repudiation
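
Added example, not from the original deck: what the "technical measures" behind non-repudiation look like in Go's standard library. Alice signs an approval record with an Ed25519 private key that only she holds; anyone with her public key can verify the signature, a modified record fails verification (that is the integrity property from card 32), and Bob cannot produce a signature that verifies under Alice's key. The second function shows why an HMAC, which also protects integrity, does not give non-repudiation: sender and receiver share the same key, so either of them could have produced the tag. The record text and the party names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed approval record that Alice is supposed to have authorized.
const record = "approve wire transfer #4471 for 25,000 EUR"

// Signer holds one party's Ed25519 key pair. Only the holder of the private
// key can produce a signature that verifies under the matching public key.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Public: pub, private: priv}
}

func (s Signer) Sign(msg string) []byte {
	return ed25519.Sign(s.private, []byte(msg))
}

// Verify reports whether sig over msg was produced by the holder of pub.
func Verify(pub ed25519.PublicKey, msg string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(msg), sig)
}

// SignatureScenario: Alice signs; verification with her public key succeeds,
// a changed record fails, and Bob's signature does not verify as Alice's.
func SignatureScenario() (genuine, tampered, forged bool) {
	alice, bob := NewSigner(), NewSigner()
	sig := alice.Sign(record)
	genuine = Verify(alice.Public, record, sig)
	tampered = Verify(alice.Public, record+" and 250,000 EUR", sig)
	forged = Verify(alice.Public, record, bob.Sign(record))
	return
}

// MACScenario: Alice and the bank share one HMAC key. The bank can compute a
// tag identical to Alice's, so a matching tag proves the record was not
// altered in transit but cannot prove which of the two key holders made it.
func MACScenario() (tagsIdentical bool) {
	shared := make([]byte, 32)
	if _, err := rand.Read(shared); err != nil {
		panic(err)
	}
	tag := func(msg string) []byte {
		m := hmac.New(sha256.New, shared)
		m.Write([]byte(msg))
		return m.Sum(nil)
	}
	aliceTag := tag(record) // computed on Alice's side
	bankTag := tag(record)  // computed independently by the bank
	return hmac.Equal(aliceTag, bankTag)
}

func main() {
	g, t, f := SignatureScenario()
	fmt.Printf("signature: genuine=%v tampered=%v forged=%v\n", g, t, f)
	fmt.Printf("hmac: both key holders produce the same tag=%v\n", MACScenario())
}
```

A signature only attributes an action to a key. For the record to hold up later, the key has to be bound to the person (certificate enrollment, a hardware token) and kept out of anyone else's reach, and the signed record, its timestamp and the verification result have to be retained in logs that are themselves protected from modification.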

35
Q

Which one of the following security risks would most likely be considered an availability issue?

A. Replay attack
B. Power outage
C. Social engineering
D. Snooping

A

Power outage

36
Q

What are the three major objectives of cybersecurity programs?

A. Confidentiality, integrity, and availability
B. Confidentiality, integrity, and authorization
C. Confidentiality, infrastructure, and availability
D. Communications, infrastructure, and authorization

A

Confidentiality, integrity, and availability