Domain 1 Flashcards
What should be the primary focus for Web services?
Availability
Integrity
How can we protect the Integrity?
We can protect Integrity by utilizing:
1) Cryptography
2) Checksum (CRC)
3) Hashing (for instance; MD5 SHA1 or SHA2)
4) Digital Signature (provides non-repudiation)
5) Access Control
How do we maintain the availability?
We can maintain and protect the Availability by implementing and deploying:
1) An Intrusion Prevention System (IPS) or Intrusion Detection System (IDS)
2) Regular patch management
3) Planned redundancy (power, traffic routes, hardware, staff)
What are the basic types of ways for identification and authentication?
Typical authentication methods involve one or more of the following:
1) Something you know (username, password, PIN)
2) Something you have (access cards, access tokens, security keys, etc.)
3) Something you are (physical or behavioural traits, for example fingerprint, retina scan, voice recognition, facial recognition)
What are the examples of Physical security?
security guard, access cards, biometrics
What are the examples of Logical security?
IPS
IDS
User Access Authentication
What is the biggest data protection law and privacy law for all individuals in the EU and EEA?
GDPR - General Data Protection Regulation
How much is the fine for violating the GDPR Law?
20 million Euros or 4% of the annual profit.
What does it mean by Data Owner?
Data owners are Individuals or entities responsible for managing, securing, and controlling specific data within an organization, including defining access, security, and usage policies.
What does it mean by Data Custodian?
Data Custodians are mainly responsible for physically storing, maintaining, and protecting data, including storage, backup, security, maintenance, retention, disposal, and access management.
What is the retention policy?
Typically these are the set of guidelines governing the retention, storage, and disposal of data, specifying data classification, retention periods, data destruction, compliance requirements, and responsibilities.
How do we perform data destruction?
There are several ways to perform data destruction, such as:
1) Overwriting: Multiple passes of data overwrites.
2) Degaussing: Magnetic field erasure for magnetic media.
3) Physical Destruction: Shredding, drilling, or burning.
4) Purging: Permanently removing data from a storage system.
What does ABAC stand for?
ABAC stands for Attribute-Based Access Control.
What is privilege creep?
When people get more access than they need to do their duties.
What is the best way to prevent privilege creep?
The most effective ways to prevent it will be implementing least privilege and performing regular reviews.
What is MFA?
MFA stands for Multi-factor Authentication.
What is SFA?
SFA means Single-factor Authentication.
What is the difference between MFA and SFA?
MFA enhances security by necessitating multiple authentication factors, whereas SFA relies on a single factor, which makes it less secure.
What is Open Authorization?
It is also known as OAuth and it is a security framework for one online service to access another on behalf of a user without sharing user credentials.
What does DAC mean?
DAC (Discretionary Access Control) means users have discretion to decide who can access their resources and set permissions (e.g., read, write). Access control decisions are decentralized and based on user identities, groups, or roles.
What is an ethical wall?
It mainly separates different parts of an organization to prevent conflicts of interest, maintain confidentiality, and ensure ethical standards.
What is Access control?
It is a system which regulates who can access system resources.
What are the Access control types?
There are several types of Access control and those include Physical (e.g., keycards), Logical (e.g., passwords), Role-Based (by job), Attribute-Based (based on attributes), Discretionary (owner control), Mandatory (security labels), Rule-Based, Time-Based, Biometric (biological traits), and Visitor Management (for guests).
What are Access Tokens?
These are temporary keys used in authentication. They’re given after the initial login and are used to access resources without sharing login credentials.
What is the standard used in Health Care Sectors? (choose one)
1) PCI DSS
2) GDPR
3) HIPAA
Answer: HIPAA
True or False: GDPR is the standard used for payment-related data.
Answer: False
——— is the standard used for payment cards. (fill in the blank)
Answer: PCI DSS
What is key escrow?
Key escrow refers to the process where copies of encryption keys are securely kept with a reliable third party, known as the escrow agent. These keys are generally utilized for encrypted data storage or communication.
——- is a method used to decipher codes by examining the frequency of letters or symbols in encrypted texts.
Answer: Frequency Analysis
What is the work factor?
The Work Factor represents the amount of effort, resources, and time needed to compromise a cryptographic system or encryption. It serves as an indicator of the level of difficulty an attacker would face when attempting to decode encrypted data.
True or False: Encryption is the process of converting ciphertext (coded data) back into its original plaintext form.
Answer: False
What is decryption?
It is the process of converting ciphertext back into its original plaintext form.
What does “out-of-band” mean in communication and networking?
“Out-of-band” means sending extra details or instructions over a separate channel, distinct from the one carrying the main data, to improve communication.
What is Non-Repudiation?
Non-repudiation ensures that the individual who sent a message or initiated a digital transaction cannot deny their action or transaction.
What is the keyspace in cryptography?
Keyspace refers to the total range of possible keys that can be used for encoding or decoding data with a cryptographic algorithm.
What does CPTED stand for?
“Crime Prevention Through Environmental Design,” is a strategy that uses design and planning to lower crime and enhance safety by influencing the physical environment.
What is a session key?
A session key is a one-time encryption key made for a specific transaction to keep data safe.
What does IPS stand for?
IPS stands for Intrusion Prevention System.
What does IDS stand for?
IDS stands for Intrusion Detection System.
The goal of cryptography is to ______ information from unauthorized individuals.
Answer: protect
“Cipher” is another term for al_______
Answer: gorithm (algorithm)
True or False: Monoalphabetic cipher means more than one alphabet is used.
False.
Monoalphabetic cipher means only one alphabet is used.
MCQ: It is a technique which replaces bits, characters, or blocks of characters with different bits, characters, or blocks.
1) Transposition Cipher
2) Substitution Cipher
True or False: Caesar Cipher is the most secure and effective cipher method.
False.
(One-time pad is the most secure cipher method).
True or False: Scytale Cipher method is an example of substitution cipher.
False.
(It is a transposition cipher method.)
In most languages, certain letters appear more often.
In English, it is the letter _______
E
Two main parts to encryption are the ——– used and ———–.
Answer: algorithm, the key.
Are there any issues with the XOR technique?
Yes, XOR can be prone to attacks if the key is short or reused. It also lacks authentication and doesn’t guard against cryptographic attacks.
What is cryptanalysis?
Cryptanalysis is the process of decoding encrypted data, breaking encryption techniques, and bypassing authentication to reveal concealed information.
Is ciphertext readable by humans and machines?
Ciphertext is not readable by humans or machines. Only plaintext is readable by humans and machines.
What is more vulnerable? Data at rest or data being transmitted?
Data in transit is generally more at risk than data at rest, as it’s exposed to potential interception and eavesdropping during its journey, making it prone to various attacks.
S______ key encryption, and A________ key encryption are two types of cryptosystems.
Symmetrical, Asymmetrical.
True or False: Asymmetric key encryption is a cryptosystem that uses the same key for both encryption and decryption.
False
MCQ: It is also known as PKI, which uses different keys for encryption and decryption
1) Symmetric
2) Asymmetric
(Answer: Asymmetric)
What is Steganography?
It is a method of concealing the existence of data by embedding it within a different media type.
What is a payload in computing and networking?
The payload is the actual data or meaningful content carried within a packet or message.