Cloud and Wireless Security Flashcards
What is it called when someone in an organization looks at the data the organization holds and starts to classify it based on its privacy and confidentiality level?
Data classification
Which data classification includes data about people that must be kept private, for which organizations must use proper security controls to be in compliance?
Private Data
What data classification involves information or data owned by the organization including intellectual property, customer lists, pricing information, and patents?
Confidential
What data classification involves information or data shared internally by an organization, where confidential information and/or data may not be included but communications are not intended to leave the organization?
Internal use only
What data classification involves information or data shared with the public, such as website content, white papers, and the like?
Public domain data
What type of access control has each individual owner of a resource manage their own access control policy?
Discretionary access control (DAC)
What type of access control groups users into common categories, applies permissions to those categories, and refers to them as roles?
Role-based Access Control (RBAC)
What type of access control has permissions based on attributes such as location, time, or device?
Attribute-based access control (ABAC)
What type of access control has access allowed or denied based on fixed rules?
Rule-based Access Control (RuBAC)
What type of access control is based on the context or state of the transaction and evaluates the situation or environment in which the access request is being made?
Context-based Access Control (CBAC)
What do you call stored, inactive data?
Data at rest
What do you call data being transmitted over a network?
Data in Transit
What are the four aspects of access control?
Identification, Authentication, Authorization, and Accountability
Which aspect of access control consists of assertions made by users about who they are?
Identification
Which aspect of access control is proving identification?
Authentication
Which aspect of access control covers the permissions a legitimate user or process has on the system?
Authorization
Which aspect of access control is tracking or logging what users do while accessing the system?
Accountability
What is the weakest wireless encryption standard?
Wired Equivalent Privacy (WEP)
What is the second weakest wireless encryption standard?
Wi-Fi Protected Access (WPA)
What wireless encryption standard is most commonly used today?
WPA2
What is the strongest wireless encryption standard?
WPA3
Which wireless network infrastructure mode is a type of network where devices communicate directly with each other without a central access point?
Ad-hoc
Which wireless network infrastructure mode is a network type that involves devices connecting through a central access point, like a router, which facilitates a more stable and organized network structure?
Infrastructure
What type of attack involves an attacker providing malicious SQL statements to access unauthorized data or carry out unauthorized commands?
SQL injection attack
What attack involves setting up a rogue AP to sniff legitimate users' data?
Evil twin or rogue access point attack
What attack involves an attacker fooling the network into addressing packets to his or her computer by supplying its MAC address to the network in response to ARP requests? Once the ARP information is set, packets are routed through the attacker’s computer, captured, and then forwarded to the legitimate recipient.
ARP poisoning or ARP spoofing attack
What attack forces a wireless client (or all wireless clients) off of the wireless network?
Deauthentication attack