Chapter 2 Flashcards

1
Q

Basic Security Requirement

Derived Security Requirement

A

1 Identify information system users, processes acting on behalf of users, or devices.
2 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allow access to organizational information systems.

  • Use multifactor authentication
  • Enforce a minimum password complexity and change of characters when new passwords are created.
2
Q

NIST authentication architectural model

A

1 Registration authority
2 relying party
3 credential service provider
4 relying party

3
Q

Four means of authenticating user identity

A

Something the individual knows
Something the individual possesses
Something the individual is
Something the individual does

4
Q

Risk Assessment for User authentication

A

Assurance level = should increase as risk increases

Potential impact
Areas of risk = include the ability to operate, asset damage, financial loss, harm to individuals

5
Q

SP 800-63-3
SP 800-63A
SP 800-63B
SP 800-63C

A

Digital identity guidelines
Enrollment and identity proofing
Authentication and lifecycle management
Federation and assertions

6
Q

Identity Assurance Level
IAL1
IAL2
IAL3

A

Self-asserted

Either remote or in-person

In-person identity proofing is required

7
Q

Authentication Assurance Level
AAL1
AAL2
AAL3

A

AAL1 uses single-factor authentication.

Proof of possession and control of two-factor authentication

Proof of possession of a key through a cryptographic protocol

8
Q

Password-Based Authentication is used in access control systems

A
9
Q

Guess-Verify attacks

Keyloggers
Phishing
Social Engineering

A

Guess-verify attacks = use some leaked information about passwords

Keyloggers, phishing, social engineering = directly obtain the password

10
Q

Guess-Verify attack

  • Online guessing
  • Offline guessing

A

Send a guess and receive the response in real-time

Obtain a password file/table, try guesses against the file

11
Q

Lateral Movement

Privilege escalation

A

Attack the “weakest” door, and then move laterally to the target

Get access to any “weak” account, then exploit a bug/design flaw/configuration oversight to gain elevated access to resources that are normally protected from the app/user
