Chapter 1 Mastering Security Basics Flashcards
A ___ _____ describes a goal that an organization wants to achieve.
Use case
True or False : A common naming strategy for a use case is in the verb-noun format.
True
List some elements of a use case
- Actors
- Preconditions - must occur before the process can begin
- Trigger - what starts a use case
- Postconditions - occur after the process is triggered
- Normal flow
- Alternate flow
True or False : A common use case that any organization has is to support confidentiality.
True
_________ prevents the unauthorized disclosure of data.
Confidentiality
_________ scrambles data to make it unreadable by unauthorized personnel.
Encryption
True or False : Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.
True
List the key elements of access control
- Identification
- Authentication
- Authorization
True or False : Another method you can use for confidentiality is steganography.
True
_________ obscures the data and can be used in a use case to support obfuscation.
Steganography
True or False : Many people refer to steganography as hiding data in plain sight.
True
________ provides assurances that data has not changed.
Integrity
True or False : You can use hashing techniques to enforce integrity.
True
A ____ is simply a number created by executing a hashing algorithm against data, such as a file or message.
Hash
True or False : If the data never changes, the resulting hash will always be the same.
True
List three different meanings for MAC
- Media Address Control - physical address assigned to NICs (burned-in address)
- Mandatory Access Control - access control model
- Message Authentication Code - provides integrity similar to hash
True or False : Two key concepts related to integrity are:
- Integrity provides assurances that data has not been modified, tampered with, or corrupted.
- Hashing verifies integrity.
True
True or False : Digital signatures require the use of certificates and a Public Key Infrastructure (PKI). Certificates include keys used for encryption and the PKI provides the means to create, manage, and distribute certificates.
True
__________ indicates that data and services are available when needed.
Availability
True or False : Organizations commonly implement redundancy and fault-tolerant methods to ensure high levels of availability for key systems.
True
_________ adds duplication to critical systems and provides fault tolerance.
Redundancy
True or False : If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption.
True
A common goal of fault tolerance and redundancy techniques is to remove each ______ _____ __ ________.
Single point of failure (SPOF).
True or False : Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators. HVAC systems also increase availability.
True