CySA+ Study Notes 6 Flashcards
Transitive Trust : trust flows across domains; if domain A trusts domain B and B trusts C, then A automatically trusts C. Non-Transitive Trust : trust exists only between the two domains that established it and does not extend to any other domain unless an admin explicitly creates that trust.
info
The end user is called the principal; the org. that vouches for the user's identity (provides the proof of identity) is the identity provider (IdP); and the web-based service the user wishes to access is the service provider (SP).
SAML
Allows org.'s to move identity and access management (IAM) to the cloud.
IDaaS (SSO)
??? permissions are grouped together into functional roles and users are assigned to those roles.
??? allows admins to make access control decisions based upon characteristics (attributes) of the user, the object, and the environment. ex : user must be a manager AND (user must be the employee's manager OR that manager's manager) AND the date must be later than March 15, 2018.
??? access control system where the OS enforces security policies (labels/classifications) that users may not modify.
??? access control system where permissions may be set by the owners of files, computers and other resources.
RBAC / ABAC / MAC / DAC
A self-contained app that runs on a laptop/desktop and doesn't interact with any other systems.
Endpoint app
(1) Develop system requirements, (2) Develop software requirements, (3) Produce a preliminary design from those requirements, (4) Use that as the basis for a detailed design, (5) Code and debug, creating the software, (6) Testing : the software is tested rigorously and, if it passes, moves into (7) Operations and Maintenance.
Waterfall Model (very linear approach; the classic model only moves forward, the modified model allows backward movement but only one phase at a time)
(1) Determine Requirements (objectives, alternatives, constraints), (2) Risk Assessment (evaluate alternatives, identify and resolve risks), (3) Development and Testing (develop and test the code), (4) Planning (for the next iteration of development work).
Spiral Model (iterative process; move through the four phases multiple times until a satisfactory product is established)
(1) Value individuals and interactions over processes and tools, (2) Value working software over comprehensive documentation, (3) Value customer collaboration over contract negotiation, (4) Value responding to change over following a plan.
Agile Method
Level 1 : Initial - creating software with good intentions, but with a disorganized approach to software development. Level 2 : Repeatable - the org. has basic processes such as reusing code between projects, requirements management, software project planning, software project tracking and oversight, etc. Level 3 : Defined - the org. has formal, documented practices, including process definition, training programs, software engineering, etc. Level 4 : Managed - the org. uses quantitative measures to evaluate its progress. Level 5 : Optimizing - the org. uses continuous process improvement to keep getting better.
Maturity Models (Capability Maturity Model, CMM)
(1) Request Control : manages, evaluates, and prioritizes inbound requests from customers. (2) Change Control : grants developers permission to make changes to application code. (3) Release Control : moves code from the development environment into production.
Change Management