Computer security Flashcards

1
Q

What is authentication?

A

The process of verifying someone’s identity

2
Q

How can you verify authentication?

A

What you know, who you are, or what you have

3
Q

What is authorization?

A

Finding out if a person is permitted to access a resource

4
Q

What is access control?

A

Controlling access to a resource based on time of day, position, web browser, department, etc.

5
Q

What are the three types of encryption?

A

Symmetric, Asymmetric, and hash

6
Q

How many keys does symmetric encryption use?

A

1

7
Q

How many keys does asymmetric encryption use?

A

2 - public and private

8
Q

What are examples of symmetric encryption?

A

AES and 3DES

9
Q

What are examples of Asymmetric encryption?

A

RSA and ECC

10
Q

What are examples of Hash?

A

SHA1, MD5

11
Q

What kinds of changes can be applied to symmetric keys?

A

Sub bytes, shift rows, mix columns, add round key

12
Q

What are the three phases of asymmetric encryption?

A

Key change, negotiation, communication

13
Q

How does hashing work?

A

Hash(message, salt)=hash value (256 bit)

14
Q

What is the salt?

A

The salt is mixed in with the message so it becomes impossible to unhash. Otherwise it could be done using Google.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does CIA stand for?

A

Confidentiality - How do we keep something secret
Integrity - How do we prevent modification/control
Availability - How to ensure something is ready when needed

16
Q

What is PII?

A

Personally identifying information

17
Q

What are the principles of PII?

A

Notice, purpose, consent, security, disclosure, access, and accountability

18
Q

What are the OWASP top three?

A

Injection, cross-site scripting, broken authentication and access management

19
Q

What is XSS?

A

Occurs when an application takes untrusted data and sends it to a web browser without proper validation. Attackers can execute scripts in the victim's browser and hijack sessions, deface web sites, or redirect.

20
Q

WPA2

A

Better than WEP but is only as strong as the password that someone chooses.