Domain 1 - Security and Risk Management - Concepts Flashcards

1
Q

IAAA – Which of the following would be used to define “Identification”?

A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted

A

C. user claims identity, used for user access control

2
Q

IAAA – Which of the following would be used to define “Authentication”?

A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted

A

B. testing of evidence of user's identity

3
Q

IAAA – Which of the following would be used to define “Authorization”?

A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted

A

E. rights and permissions granted

4
Q

IAAA – Which of the following would be used to define “Accountability”?

A. level of confidentiality and privacy protections
B. testing of evidence of user's identity
C. user claims identity, used for user access control
D. determine actions to an individual person
E. rights and permissions granted

A

D. determine actions to an individual person (Audit)

5
Q

What does “CIA triad” stand for?

A

Confidentiality
Integrity
Availability

6
Q

CIA triad - Which one of the following would describe “Confidentiality”?

Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion

Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control

A

Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control

7
Q

CIA triad - Which one of the following would describe “Integrity”?

Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion

Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control

A

No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion

8
Q

CIA triad - Which one of the following would describe “Availability”?

Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

No unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion

Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control

A

Reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

9
Q

Define “DAD” and the corresponding association to CIA

A

Disclosure - Confidentiality
Alteration - Integrity
Destruction - Availability

10
Q

Define “IAAA”

A

Access control requirements for accountability
Identification
Authentication
Authorization
Accountability