Cybersecurity Fundamentals Flashcards
What is the CIANA pentagon?
C - Confidentiality (encryption/safeguard)
I - Integrity (checksums/hash digests)
A - Availability (redundancy/backups)
N - Non-repudiation (digital signature)
A - Authentication (proving of identity)
What is the reason for the CIANA pentagon?
The five CIANA principles are used to guide organizations in implementing and
maintaining effective security controls, including firewalls, intrusion
detection systems, and access control lists
What is snooping?
Unauthorized access to another person’s data
What is eavesdropping?
Unlawful interception of information while being transmitted over a
computer network
What is wiretapping?
Involves the targeted interception of telephone lines or Internet-based
communications
What is social engineering?
Leverages psychological manipulation to coax individuals into revealing
sensitive information
What is dumpster diving?
Searching through someone’s trash for discarded information that
could be useful or sensitive
What is an on-path/man-in-the-middle attack and what is the countermeasure?
▪ A malicious actor intercepts the communication between two
unsuspecting parties
▪ Organizations must implement multi-layered security measures
What is a replay attack and what is the countermeasure?
▪ An adversary captures data during transmission and then retransmits it (for example, login credentials or one-time tokens)
▪ Preemptive and reactive security measures are used in effective
countermeasures
What is an impersonation attack and what is the countermeasure?
▪ Occurs when a malicious actor poses as a legitimate user to gain
unauthorized access or execute prohibited actions
▪ Organizations implement user awareness training programs
What is an unauthorized data modification attack and what is the countermeasure?
▪ An unauthorized user modifies data in an unintended manner (modification, addition, or deletion of data)
▪ Techniques such as checksums, digital hash digests, and digital signatures, coupled with robust access control mechanisms.
Why is availability important?
Security systems and data must be accessible and operational when needed in order to prevent breaches.
What is a denial of service attack?
▪ Attempts to make a computer or network resource unavailable to its
intended users by overwhelming the target with a flood of Internet traffic
What are 3 defenses to a DoS attack?
● Traffic Filtering
* Controls the packets allowed to enter or exit a network based on attributes
● Rate Limiting
* Set up rate-limiting caps on the number of server requests within a given time from a user or IP address
● IP Allow Listing
* Only traffic from trusted IP addresses is allowed to reach particular services or servers
Name 4 other availability concerns that could result from unexpected outside factors.
Power outage
Hardware failure
Destruction
Service outage
What is social engineering?
Manipulating people into giving up confidential information
What is phishing?
An attempt by cybercriminals posing as legitimate institutions, usually via email, to obtain sensitive information from targeted individuals
What is spear phishing?
Attacker tailors the attack and the messaging in emails to a specific individual or organization
What is business email compromise?
Attacker poses as a high-ranking executive or business partner
What is baiting?
Occurs when an attacker leaves a seemingly harmless device (a USB flash drive) in an obvious location
What is pretexting?
An attacker creates a believable pretext, or false scenario, to steal information
What is fault tolerance?
Allowing for faults by providing backups, redundancies, or replications.
What is a good example of data redundancy?
● Redundant Array of Independent Disks (RAID)
* Offers a variety of fault-tolerant solutions, defined in numbered levels, including RAID 1 (disk mirroring) and RAID 5 (striping with parity)
What is network redundancy?
It’s common for a server to have multiple network cards installed to
provide fault tolerance for your network adapter
What is power redundancy?
Servers and network appliances require a stable power supply to operate, but power spikes, surges, brownouts, or blackouts can cause potential failures for the systems
What is site redundancy?
Implementing service and data replication between multiple data centers
What are disaster recovery workflows?
Comprehensive plans that list the procedures and contingencies in case of a small or large scale disaster
What factors should a disaster recovery plan focus on?
Security concerns
Prioritization
Data restoration
Restoring access