Chapter 7 Flashcards

1
Q

complex ensemble of techniques, technologies, regulations, and behaviors that collaboratively protect the integrity of and access to computer systems and data

A

Information Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Confidentiality

A

characteristic of something made accessible to authorized parties only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Integrity

A

characteristic of not having been altered by an unauthorized party

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Availability

A

characteristic of being accessible and usable during a specified time period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Authenticity

A

is the characteristic of something having been provided by an authorized source

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Non-repudiation

A

inability of a party to deny or challenge the authentication of an interaction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Security Controls

A

Counter measures used to prevent or respond to security threats and reduce/avoid risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Security Mechanisms

A

are components comprising a defensive framework that protects IT resources, information, and services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Counter measures are typically described in terms of

A

security mechanisms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Security policy

A

establishes a set of security rules and regulations and how they’re implemented

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Risk

A

is the potential unwanted and unexpected loss that may result from a give action

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Vulnerability

A

flaw, gap or weakness in an IT env that leaves an organization open to breaches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

occurs when an attacker is able to take advantage of vulnerabiltiy

A

exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

vulnerability that an organization is either unaware of or for which it has not been able to yet provide a patch or fix

A

Exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

any incident that may result in unauthorized access to information or systems.

A

Security Breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

type of security breach whereby an attacker is able to steal confidential information.

A

data breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

data leak

A

occurs when sensitive info os shared with an unauthorized party without an attack taking place

18
Q

potential attack that poses danger or risk

A

threat

19
Q

… when a treat is carried out by an attacker

A

attack

20
Q

Different types of attackers

A

cyber criminals
malicious users
cyber activists
state-sponsored attackers

21
Q

attacker that has successfully gained unauthorized access

A

intruder

22
Q

attack vector

A

path an attacker takes to exploit vulnerabilities

23
Q

collection of attack vector

A

attack surface

24
Q

an entity that poses a threat because it is capable of carrying out an attack

A

threat agent

25
Q

Anonymous attacker

A

non-trusted cloud service consumer without permission and exploits using network-level attacks

26
Q

able to intercept and forward network traffic

A

malicious service agent

27
Q

trusted attacker(malicious tenants)

A

abuses the trust boundary in a cloud environment to exploit legitimate credentials to access confidential info

28
Q

Malicious insiders

A

human threat agents acting on behalf or in relation to a cloud provider

29
Q

Traffic eavesdropping

A

a cyber threat where data transferred is intercepted by a malicious service agent passively

30
Q

Malicious intermediary

A

messages are intercepted and altered by a malicious service agent

31
Q

DoS

A

overload IT resources so that can’t function properly

32
Q

Insufficient Authorization

A

occurs when access is granted to an attacker too broadly

33
Q

Variation of insufficient authorization

A

weak authentication

34
Q

Virtualization attack

A

exploits vulnerabilities in the virtualization platform to jeopardize its confidentiality, integrity, and/or availability

35
Q

Explain one-service per physical server deployment

A

a method to mitigate containerization attack where all containers deployed on a host are the same

36
Q

software program designed to cause harm

A

malware

37
Q

Types of malware

A
  1. Virus - spread by infecting and replicating
  2. Trojan - appears to be legitimate service
  3. Spyware - type of malware that collects information
  4. Adware - unwanted ads
  5. Ransomware - restricts data access and requires ransom
  6. Crypto jacking - practice of using browser based programs that run scripts in web content
38
Q

Insider threat

A

potential damage that can be inflicted by an organization’s staff and others that may have access to the organization’s premises or systems

39
Q

Common types(3) of insider threat

A

malicious
accidental
negligent

40
Q

form of social engineering that uses electroning comms to send fraudulent data

A

phishing

41
Q

Bots and Botnets

A

Bots - programs that can receive remote instructions and perform attacks. They are type of malware.
Botnet - a swarm of bots to carry out attacks