D P1-3 Flashcards

1
Q

Risk Management Terms

A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

A

Risk Tolerance: The level of risk an organization is willing to accept.

Risk Transfer: Shifting risk to another entity, such as through insurance.

Risk Register: A documented record of identified risks, their impact, and management strategies.

Risk Analysis: The process of assessing potential risks and their impact.

2
Q

Plans and Procedures

A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure

A

Disaster Recovery Plan (DRP): A documented process for recovering IT systems after a disruption.

Incident Response Procedure: Steps to handle and mitigate a security breach or event.

Business Continuity Plan (BCP): Strategies to ensure critical business functions continue during a disruption.

Change Management Procedure: A structured approach to managing changes in systems or processes.

3
Q

Security Practices

A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege

A

Hardening: Strengthening systems to reduce vulnerabilities.

Employee Monitoring: Supervising employee activities to ensure compliance with policies.

Configuration Enforcement: Ensuring systems maintain approved configurations.

Least Privilege: Providing the minimum access necessary for a task.

4
Q

Control Types

A. Detective
B. Compensating
C. Corrective
D. Preventive

A

Detective: Identifies and alerts on incidents (e.g., IDS).

Compensating: Alternative measures when primary controls aren’t possible.

Corrective: Mitigates and restores after an incident (e.g., backup restoration).

Preventive: Stops incidents before they occur (e.g., firewalls).

5
Q

Encryption Types

A. Partition
B. Asymmetric
C. Full disk
D. Database

A

Partition: Encrypting a single disk partition or volume (e.g., the data volume) rather than the whole drive.

Asymmetric: Encryption using a pair of public and private keys.

Full Disk: Encrypting the entire disk to secure stored data.

Database: Encrypting data stored within a database.

6
Q

Risk Responses

A. Accept
B. Transfer
C. Mitigate
D. Avoid

A

Accept: Acknowledging and choosing not to act on a risk.

Transfer: Delegating risk to a third party.

Mitigate: Reducing the likelihood or impact of a risk.

Avoid: Eliminating the risk entirely.

7
Q

Investigation Techniques

A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting

A

Digital Forensics: Collecting, preserving and analyzing digital evidence after an incident while maintaining chain of custody.

E-discovery: Retrieving electronic information for legal purposes.

Incident Response: Actions taken to manage and resolve security incidents.

Threat Hunting: Proactively searching for threats in an environment.

8
Q

Security Domains

A. Application
B. IPS/IDS
C. Network
D. Endpoint

A

Application: Focused on software security.

IPS/IDS: Intrusion Prevention/Detection Systems for monitoring and controlling network traffic.

Network: Securing network infrastructure and traffic.

Endpoint: Protecting individual devices like laptops or mobile phones.

9
Q

Perimeter Security

A. Implementing a bastion host
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on

A

Implementing a Bastion Host: Deploying a hardened, minimal host that is deliberately exposed to an untrusted network (e.g., the internet) as the controlled entry point.

Deploying a Perimeter Network: Creating a DMZ to separate internal networks from external threats.

Installing a WAF: Using a Web Application Firewall to protect against web attacks.

Utilizing Single Sign-On: Centralizing user authentication for multiple systems.

10
Q

Specialized Servers

A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor

A

RDP Server: Provides remote desktop access.

Jump Server: A secure server used as an intermediary for accessing critical systems.

Proxy Server: Mediates requests between clients and servers to enhance security or performance.

Hypervisor: Manages virtual machines on a host system.

11
Q

Security Concepts

A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction

A

Secured Zones: Network segments with defined trust levels; traffic between zones is explicitly controlled rather than implicitly allowed (a zero trust concept).

Subject Role: The identity and role of the entity (user, device or service) requesting access, used as input to the access decision.

Adaptive Identity: Dynamic authentication and authorization based on context such as location, device posture or user behavior.

Threat Scope Reduction: Limiting how far a threat can spread (e.g., through segmentation and least privilege) so a single compromise affects as little as possible.

12
Q

Credential Attacks

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

A

Password Spraying: Trying one or a few common passwords against many accounts, keeping attempts per account below the lockout threshold.

Account Forgery: Creating or using fake credentials to impersonate a user.

Pass-the-Hash: Authenticating with a captured password hash (typically NTLM) directly, without cracking it to recover the plaintext.

Brute-Force: Systematically trying many candidate passwords against an account until one succeeds.
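The difference between spraying and brute force is visible in authentication logs: spraying spreads a few guesses across many accounts, brute force piles many guesses onto one. The following is an added example, not part of the flashcards; the log line format, the thresholds and the sample events are all assumed and constructed for illustration.

```python
"""Separate password spraying from brute force in authentication logs.

Added example for the credential-attack definitions above; not from the
flashcards. The log format, thresholds and sample events are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one source tries one guess against six accounts
# (spraying), another hammers a single account twelve times (brute force),
# and a legitimate user mistypes once before logging in.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T09:00:{i:02d} FAIL user={u} src=203.0.113.7"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"], start=1)]
    + [f"2024-05-01T09:01:{i:02d} FAIL user=admin src=198.51.100.9" for i in range(12)]
    + ["2024-05-01T09:02:00 FAIL user=alice src=192.0.2.4",
       "2024-05-01T09:02:30 OK user=alice src=192.0.2.4"]
)


def parse_log(text):
    """Return a list of (timestamp, result, user, src) tuples, skipping bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"],
                           m["user"], m["src"]))
    return events


def classify_sources(events, window=timedelta(minutes=5),
                     spray_users=5, spray_max_per_user=2, brute_attempts=10):
    """Label each source IP whose failures within one window look like an attack.

    Spraying: many distinct users, few attempts each (stays under lockout).
    Brute force: many attempts against a single user.
    """
    failures = [e for e in events if e[1] == "FAIL"]
    if not failures:
        return {}
    base = min(e[0] for e in failures)
    # (src, window index) -> {user: failed attempts}
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, _, user, src in failures:
        buckets[(src, (ts - base) // window)][user] += 1

    labels = {}
    for (src, _), per_user in buckets.items():
        max_per_user = max(per_user.values())
        if max_per_user >= brute_attempts:
            labels[src] = "brute-force"
        elif len(per_user) >= spray_users and max_per_user <= spray_max_per_user:
            labels[src] = "password-spraying"
    return labels


if __name__ == "__main__":
    for src, label in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {label}")
```

The per-account lockout counter that stops brute force never fires on the spraying source, which is exactly why the detection has to pivot on the source address and count distinct users rather than attempts per account.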

13
Q

Mobile and System Threats

A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading

A

Jailbreaking: Removing restrictions on a device to allow unauthorized changes.

Memory Injection: Injecting malicious code into memory to exploit a system.

Resource Reuse: Exploiting residual data from reused resources.

Side Loading: Installing apps from unofficial or unauthorized sources.

14
Q

Acronyms

A. IRP
B. DRP
C. RPO
D. SDLC

A

IRP: Incident Response Plan.

DRP: Disaster Recovery Plan.

RPO: Recovery Point Objective, the maximum acceptable data loss expressed as time (e.g., how far back the last usable backup may be).

SDLC: Software Development Life Cycle.

15
Q

Security Modes

A. Active
B. Passive
C. Defensive
D. Offensive

A

Active: Directly interacting with a target or threat (e.g., active scanning that sends probes to hosts).

Passive: Observing without direct interaction (e.g., sniffing traffic or reviewing public records).

Defensive: Protecting systems and detecting attacks (the blue-team role).

Offensive: Simulating attacks to find weaknesses before a real adversary does (the red-team role).

16
Q

Governance and Compliance

A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence

A

Rules of Engagement: The agreed scope, timing, methods and limits for a security activity such as a penetration test.

Supply Chain Analysis: Assessing risks in supply chain relationships.

Right to Audit Clause: Contractual right to review a partner’s practices.

Due Diligence: Conducting thorough evaluations before decisions.

17
Q

Social Engineering

A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation

A

Typosquatting: Registering misspelled domain names to deceive users.

Phishing: Fraudulent attempts to obtain sensitive information.

Impersonation: Pretending to be someone else to gain trust.

Vishing: Phishing conducted over phone calls.

Smishing: Phishing conducted via SMS.

Misinformation: Spreading false information; when it is spread deliberately to deceive, it is disinformation.

18
Q

Authentication

A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity

A

Multifactor Authentication: Using multiple methods to verify identity.

Permissions Assignment: Allocating specific access rights.

Access Management: Controlling user access to resources.

Password Complexity: Requiring strong passwords with various character types.

19
Q

Security Technologies

A. NGFW
B. WAF
C. TLS
D. SD-WAN

A

NGFW: Next-Generation Firewall with advanced filtering capabilities.

WAF: Web Application Firewall for protecting web apps.

TLS: Transport Layer Security for encrypted communication.

SD-WAN: Software-Defined Wide Area Network; centrally managed WAN connectivity that steers and encrypts traffic across multiple links.

20
Q

Infrastructure Components

A. Jump server
B. RADIUS
C. HSM
D. Load balancer

A

Jump Server: Used as a gateway to secure internal systems.

RADIUS: Remote Authentication Dial-In User Service for centralized authentication.

HSM: Hardware Security Module for managing cryptographic keys.

Load Balancer: Distributes traffic across multiple servers for performance.

21
Q

Authentication Methods

A. SSO
B. LEAP
C. MFA
D. PEAP

A

SSO: Single Sign-On for centralized authentication.

LEAP: Lightweight Extensible Authentication Protocol; Cisco's proprietary EAP method, now deprecated because its MS-CHAP-style exchange can be cracked offline.

MFA: Multifactor Authentication.

PEAP: Protected Extensible Authentication Protocol; wraps the EAP exchange inside a TLS tunnel so credentials are not exposed.

22
Q

Phishing Techniques

A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing

A

Brand Impersonation: Pretending to be a trusted company.

Pretexting: Crafting a scenario to extract information.

Typosquatting: Using misspelled domains to deceive users.

Phishing: Broad term for fraudulent attempts to obtain sensitive data.
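Typosquatting (cards 17 and 22) is mechanical enough to enumerate: most look-alike domains come from a handful of edit rules applied to the brand name. The block below is an added example, not from the flashcards; its tables of adjacent keys, homoglyphs and alternate TLDs are a small assumed subset of what dedicated tools use, and the domains are constructed for illustration.

```python
"""Generate typosquat look-alikes for a brand domain and check candidates.

Added example for the typosquatting cards above; not from the flashcards.
The rule set (adjacent keys, homoglyphs, TLD swaps) is a small assumed subset
of what dedicated tools use.
"""

# Assumed, deliberately small tables.
ADJACENT_KEYS = {"a": "qwsz", "e": "wrsd", "l": "kop", "m": "njk",
                 "o": "ipl", "p": "ol", "x": "zsdc"}
HOMOGLYPHS = {"l": ["1", "i"], "o": ["0"], "i": ["1", "l"],
              "rn": ["m"], "m": ["rn"]}
TLD_SWAPS = ["com", "net", "org", "co"]


def typosquat_variants(domain):
    """Return the set of look-alike domains derived from `domain`."""
    name, _, tld = domain.lower().rpartition(".")
    names = set()
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])                  # omission
        names.add(name[:i] + name[i] + name[i:])            # repetition
        for alt in ADJACENT_KEYS.get(name[i], ""):          # fat-finger neighbour
            names.add(name[:i] + alt + name[i + 1:])
    for i in range(len(name) - 1):                          # transposition
        names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for src, alts in HOMOGLYPHS.items():                    # visual confusables
        pos = name.find(src)
        while pos != -1:
            for alt in alts:
                names.add(name[:pos] + alt + name[pos + len(src):])
            pos = name.find(src, pos + 1)
    names.discard(name)
    names.discard("")
    variants = {f"{n}.{tld}" for n in names}
    variants |= {f"{name}.{t}" for t in TLD_SWAPS if t != tld}  # wrong TLD
    return variants


def matching_brand(candidate, brands):
    """Return the brand domain that `candidate` imitates, or None."""
    candidate = candidate.lower()
    for brand in brands:
        if candidate != brand.lower() and candidate in typosquat_variants(brand):
            return brand
    return None


if __name__ == "__main__":
    for c in ["examp1e.com", "exmaple.com", "example.co", "google.com"]:
        print(c, "->", matching_brand(c, ["example.com"]))
```

Defensively, the same generator tells you which variants of your own brand to register or monitor in certificate transparency logs; offensively, it is how phishing kits pick a plausible sender domain.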

23
Q

Data Protection

A. Key stretching
B. Data masking
C. Steganography
D. Salting

A

Key Stretching: Deriving a key from a password with a deliberately slow, iterated function (PBKDF2, bcrypt, scrypt, Argon2) so each guess costs an attacker real time.

Data Masking: Obscuring data to protect sensitive information.

Steganography: Hiding data within other files.

Salting: Adding a unique random value to each password before hashing, so identical passwords produce different hashes and precomputed (rainbow) tables are useless.
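Key stretching and salting are usually applied together when storing passwords. The following is an added example, not code from the flashcards; it uses Python's standard-library PBKDF2-HMAC-SHA256, and the record format and iteration count are assumptions chosen for illustration.

```python
"""Salted, stretched password storage with PBKDF2-HMAC-SHA256.

Added example for the key-stretching and salting definitions above; not from
the flashcards. The record format and iteration count are assumed.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iters>$<salt_hex>$<dk_hex>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)        # unique random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and iterations, then compare."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    # constant-time comparison so the position of a mismatch leaks nothing
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_sha256(password: str) -> str:
    """The anti-pattern, kept only to show why salting matters."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def derived_key_hex(record: str) -> str:
    """Extract just the derived key from a record (for comparisons)."""
    return record.split("$")[3]


if __name__ == "__main__":
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print("same password, different salts ->", derived_key_hex(a) != derived_key_hex(b))
    print("unsalted sha256 collides       ->",
          unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
    print("verify ok  ->", verify_password("correct horse battery staple", a))
    print("verify bad ->", verify_password("Correct horse battery staple", a))
```

Storing the iteration count in the record lets you raise the work factor later and re-hash users transparently at their next login; the unsalted hash is there only to show that two users with the same password would otherwise share an identical, lookup-table-friendly digest.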

24
Q

Threat Actors

A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker

A

Hacktivist: Motivated by political or social causes.

Whistleblower: Insider exposing wrongdoing.

Organized Crime: Professional criminals targeting systems for profit.

Unskilled Attacker: Lacks advanced knowledge, often uses prebuilt tools.