Domain 1 - Security and Risk Management - Concepts Flashcards
IAAA – Which of the following would be used to define “Identification”?
A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted
C. user claims identity, used for user access control
IAAA – Which of the following would be used to define “Authentication”?
A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted
B. testing of evidence of user's identity
IAAA – Which of the following would be used to define “Authorization”?
A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted
E. rights and permissions granted
IAAA – Which of the following would be used to define “Accountability”?
A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted
D. determine actions to an individual person (Audit)
What does “CIA triad” stand for?
Confidentiality
Integrity
Availability
CIA triad - Which one of the following would describe “Confidentiality”?
Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED
No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion
Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control
Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control
CIA triad - Which one of the following would describe “Integrity”?
Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED
No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion
Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control
No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion
CIA triad - Which one of the following would describe “Availability”?
Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED
No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion
Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control
Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED
Define “DAD” and the corresponding association to CIA
Disclosure - Confidentiality
Alteration - Integrity
Destruction - Availability
Define “IAAA”
Access control requirements for accountability:
Identification
Authentication
Authorization
Accountability