Domain 3: Implementation (25%) Flashcards

1
Q

*3.2 Endpoint protection

Data Loss Prevention (DLP)

A

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.

*Software or hardware solutions

2
Q

*3.2 Boot Integrity

Unified Extensible Firmware Interface (UEFI) (modern replacement for the legacy BIOS)

A

System firmware that initializes the hardware at power-on and hands control to the
operating system's bootloader; it is the layer between the hardware and the OS
that the older BIOS used to provide.

Compared with BIOS, UEFI supports 64-bit CPU operation at boot, a full GUI and
mouse operation at boot, and better boot security (Secure Boot is a UEFI feature).

3
Q

*3.2 Self-encrypting drive (SED)

A

Storage device that performs whole disk encryption by using embedded
hardware.

*hardware based

4
Q

*3.2 Full-disk encryption (FDE)

A

Software-based whole-disk encryption performed by the operating system (as opposed to an SED, where the drive's own hardware does it).

Mac: FileVault
Windows: BitLocker (can seal its volume key to the TPM so the disk only unlocks on the original machine with an unmodified boot chain)

5
Q

*3.2 Trusted Platform Module (TPM)

A

Dedicated chip on the motherboard (or integrated into the CPU/firmware) that generates and stores cryptographic keys in hardware; keys sealed to the TPM cannot be extracted or used on another machine.

If the motherboard has no TPM, BitLocker can instead use a startup key stored on an
external USB drive to unlock the disk.

6
Q

*3.3 Network appliances

Hardware Security Module (HSM)

A

Physical device that acts as a tamper-resistant cryptoprocessor: it generates, stores and uses keys so that private key material never leaves the module.

Sold as a PCIe adapter card, as a USB-attached token, or as a network-attached appliance.

7
Q

*3.2 Endpoint protection

Endpoint Detection and Response (EDR)

A

A software agent on each endpoint that continuously collects system data (process, file, registry and network activity) and sends it to a central monitoring system for early detection of threats; the "response" half lets analysts investigate and contain an incident from the console, e.g. isolate the host from the network or kill a process.

8
Q

*3.2 Endpoint protection

Antivirus/anti-malware

A

Software capable of detecting and removing virus infections and (in most
cases) other types of malware, such as worms, Trojans, rootkits, adware,
spyware, password crackers, network mappers, DoS tools, and others.

9
Q

*3.2 Endpoint protection

Host-based firewall/personal firewall

A

A software application that filters inbound (and usually outbound) traffic for a single computer, so the host stays protected even when it leaves the corporate network.

ex: Windows: Windows Defender Firewall
Mac: PF (the older IPFW has been removed from current macOS)
Linux: iptables / nftables

10
Q

*3.5 Mobile device management (MDM)

Remote Wipe

A

Remotely erases the contents of a lost or stolen device so the information cannot be
recovered by whoever has it; the command only takes effect once the device can reach the MDM server, so it should be paired with device encryption and a lock screen.

11
Q

*3.1 Protocols

Transport Layer Security

A

Establishes an encrypted, authenticated session between your device and the server: traffic gets confidentiality and integrity, and the server proves its identity with a certificate that the client validates, which is what stops a man-in-the-middle from impersonating the server.

12
Q

*3.5 Mobile Device Management (MDM)

A

Centralized software solution that allows system administrators to create and enforce policies across the organization's mobile devices.

-remote administration and configuration of mobile devices: push configuration and security policies, block installation of unapproved applications, and install updates remotely without user interaction.

13
Q

*3.7 Account policies

Geotagging

A

Embedding of the geolocation coordinates into a piece of data (e.g., a photo's EXIF metadata). A risk because publicly shared files can reveal where a user or a facility is; MDM can disable it.

14
Q

*3.5 Mobile Device Management (MDM)

Storage Segmentation (BYOD)

A

Creating a clear separation between personal and company data on a single device.

15
Q

*3.5 Deployment Models

BYOD

A

Bring your own device

16
Q

*3.5 Deployment Models

CYOD

A

Choose your own device

CYOD gives the employee a choice of a couple of phones.

17
Q

*3.2 Hardware root of trust

A

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

EX: Trusted Platform Module (TPM), Hardware Security Module (HSM).

18
Q

*3.2 Trusted Platform Module (TPM)

A

A specification for hardware-based storage of digital certificates, keys,
hashed passwords, and other user and platform identification
information.

The TPM is what makes boot integrity checkable: during boot, a measurement of each
component is recorded in the TPM's platform configuration registers (PCRs), and the TPM can digitally sign a report of those values so a verifier knows it came from this chip and was not altered.

19
Q

3.3, 3.5, 3.8

Hardware Security Module (HSM)

A

An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage.

20
Q

3.2 Boot Integrity

Secure boot

A

Secure Boot is a UEFI feature that prevents unsigned or untrusted code from executing during the boot operation. As the computer boots, the firmware checks that each component it loads (bootloader, OS loader, drivers) carries a digital signature that chains to a vendor key held in the firmware's signature database; a revoked signature, or none at all, means the component is refused. If a "Windows" bootloader is not signed by Microsoft, it does not boot. The goal is that the bootloader only loads valid code and never a bootkit or rootkit inserted before the OS starts.

21
Q

*3.2 Boot Integrity

Measured Boot

A

A UEFI/TPM feature that records what was actually loaded during boot so the result can be checked later in an attestation report. As the system boots, each component (firmware, bootloader, kernel, drivers, configuration) is hashed, and the hash is "extended" into a TPM platform configuration register (PCR): new value = hash(old value || component hash). The measurements are cryptographic digests, not timings; because the extend operation is one-way and order-dependent, the chain cannot be rewritten after the fact. Measured Boot does not block anything by itself; it produces the evidence that attestation signs and a verifier compares against known-good values.

22
Q

*3.2 Boot Integrity

Boot Attestation

A

A signed claim that the measurements in a boot report are genuine. The TPM signs the PCR values (a "quote") with an attestation key whose private half never leaves the chip, usually over a nonce supplied by the verifier so an old quote cannot be replayed. The quote and the boot log are sent to a remote attestation service (for example a NAC or device-health server), which checks the signature, replays the log to confirm it produces the quoted PCR values, and compares them with known-good values before trusting the machine.
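Added example (not part of the flashcard deck) tying the Measured Boot and Boot Attestation cards together: a simulated TPM PCR that is extended once per boot component, an event log, a quote over (nonce || PCR), and the verifier-side checks. The component blobs, the known-good table and the attestation-key secret are constructed for the example; a real TPM signs the quote with an asymmetric attestation key, and the HMAC here is a stand-in for that signature.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

PCR_RESET = bytes(32)   # PCRs read as all-zero after a platform reset


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || digest). One-way and
    order-dependent, so a PCR can only be appended to, never rewritten."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components: List[Tuple[str, bytes]]):
    """Hash every boot component in load order, extend it into one PCR and
    record it in an event log (the TPM holds the PCR; the log lives in RAM)."""
    pcr, log = PCR_RESET, []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def tpm_quote(pcr: bytes, nonce: bytes, ak_secret: bytes) -> bytes:
    """Attestation: the TPM signs (nonce || PCR). A real TPM uses an attestation
    key whose private half never leaves the chip; an HMAC keyed with a secret
    shared with the verifier stands in for that signature here (assumption)."""
    return hmac.new(ak_secret, nonce + pcr, hashlib.sha256).digest()


def verify_attestation(pcr: bytes, log, nonce: bytes, sig: bytes,
                       ak_secret: bytes, known_good: Dict[str, bytes]) -> bool:
    """Verifier side: signature, log-vs-PCR consistency, then known-good values."""
    if not hmac.compare_digest(sig, tpm_quote(pcr, nonce, ak_secret)):
        return False                      # forged quote or wrong (replayed) nonce
    replayed = PCR_RESET
    for _, digest in log:
        replayed = pcr_extend(replayed, digest)
    if replayed != pcr:
        return False                      # the log does not explain the quoted PCR
    return all(known_good.get(name) == digest for name, digest in log)


# Constructed sample images (stand-ins for real firmware/bootloader/kernel bytes).
GOOD_BOOT = [("firmware", b"uefi-fw-1.2"), ("bootloader", b"bootmgr-ok"), ("kernel", b"kernel-5.x")]
KNOWN_GOOD = {name: hashlib.sha256(blob).digest() for name, blob in GOOD_BOOT}
AK_SECRET = b"attestation-key-stand-in"   # assumption: shared with the verifier

if __name__ == "__main__":
    nonce = b"\x11" * 16
    pcr, log = measured_boot(GOOD_BOOT)
    sig = tpm_quote(pcr, nonce, AK_SECRET)
    print("clean boot verified:", verify_attestation(pcr, log, nonce, sig, AK_SECRET, KNOWN_GOOD))
    tampered = [GOOD_BOOT[0], ("bootloader", b"bootmgr-BOOTKIT"), GOOD_BOOT[2]]
    pcr2, log2 = measured_boot(tampered)
    sig2 = tpm_quote(pcr2, nonce, AK_SECRET)
    print("tampered boot verified:", verify_attestation(pcr2, log2, nonce, sig2, AK_SECRET, KNOWN_GOOD))
```

The three verifier checks are independent on purpose: a tampered bootloader changes the PCR, substituting the clean log fails the replay check, and reusing an old quote fails on the nonce.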

23
Q
*3.2 Application Security

Static code analysis

A

Source code of an application is reviewed manually or with automatic
tools without running the code

Think of static analysis as your third grade English teacher looking over your essay and marking it up with a red pen to show you all of your errors.

24
Q

*3.2 Application Security

Dynamic code Analysis

A

Analysis and testing of a program occurs while it is being executed or run.

Dynamic analysis, unlike static analysis, is performed on the running program, so it finds faults that only show up with real inputs and real state (crashes, memory errors, unhandled exceptions). The most common type of dynamic analysis is fuzzing.

25
Q

*3.2 Application Security

Fuzzing

A

Injection of large amounts of randomized or malformed data into a software program in an attempt to find system failures, memory leaks, error-handling issues, and improper
input validation.

Fuzzing, also known as fuzz testing, uses a tool (the fuzzer) to generate the inputs automatically, either from scratch or by mutating known-valid samples, and to monitor the target for crashes and hangs; each crashing input is saved so the bug can be reproduced and fixed.
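Added example (not part of the flashcard deck) of the dynamic-analysis/fuzzing idea on the two cards above: a small generation-plus-mutation fuzzer run against a hypothetical length-prefixed record parser with a missing bounds check, and against the fixed version. The record format, both parsers and the seed record are constructed for this example.

```python
import random
from typing import Callable, List, Tuple

# Hypothetical target (constructed for this example): a length-prefixed record,
# byte 0 = payload length n, bytes 1..n = payload, byte n+1 = checksum.
def parse_record_vulnerable(data: bytes) -> Tuple[bytes, int]:
    if not data:
        raise ValueError("empty record")       # intended, handled input error
    n = data[0]
    payload = data[1:1 + n]                    # slicing silently truncates...
    checksum = data[1 + n]                     # BUG: ...but indexing past the end raises IndexError
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload, checksum


def parse_record_fixed(data: bytes) -> Tuple[bytes, int]:
    if not data:
        raise ValueError("empty record")
    n = data[0]
    if len(data) != n + 2:                     # FIX: validate declared length against actual size
        raise ValueError("length mismatch")
    payload, checksum = data[1:1 + n], data[1 + n]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload, checksum


# A valid seed record for mutation: n=3, payload 10 20 30, checksum 60.
SEED_RECORD = bytes([3, 10, 20, 30, 60])


def mutate(rec: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, truncate, or append junk."""
    choice = rng.randrange(3)
    if choice == 0 and rec:
        i = rng.randrange(len(rec))
        return rec[:i] + bytes([rec[i] ^ (1 << rng.randrange(8))]) + rec[i + 1:]
    if choice == 1 and rec:
        return rec[:rng.randrange(len(rec))]
    return rec + bytes(rng.randrange(256) for _ in range(rng.randint(1, 4)))


def fuzz(target: Callable[[bytes], object], iterations: int = 1000,
         seed: int = 0, max_len: int = 8) -> List[Tuple[bytes, str]]:
    """Generation + mutation fuzzing. Inputs the parser rejects with its own
    ValueError are handled correctly and ignored; any other exception is a
    finding (crash). Returns (input, exception class name) pairs."""
    rng = random.Random(seed)
    findings = []
    for i in range(iterations):
        if i % 2 == 0:   # purely random bytes
            data = bytes(rng.randrange(256) for _ in range(rng.randint(0, max_len)))
        else:            # mutation of a known-valid record
            data = mutate(SEED_RECORD, rng)
        try:
            target(data)
        except ValueError:
            continue
        except Exception as exc:
            findings.append((data, type(exc).__name__))
    return findings


if __name__ == "__main__":
    hits = fuzz(parse_record_vulnerable, seed=1)
    print(f"{len(hits)} crashing inputs, first: {hits[0] if hits else None}")
    print("fixed parser findings:", fuzz(parse_record_fixed, seed=1))
```

The fuzzer only flags exceptions the parser did not intend to raise; that distinction between "rejected cleanly" and "crashed" is what makes the findings actionable.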

26
Q

*3.3 Access Control List (ACL)

A

An ordered set of rules that a router or firewall evaluates top-down to decide whether to permit or deny traffic based upon given characteristics (source/destination address, protocol, port). The first matching rule wins, and an implicit deny at the end catches anything no rule matched, so rule order matters.

IP spoofing is used to trick an ACL that trusts source IP addresses: the attacker forges a permitted source. Anti-spoofing (ingress) rules that drop packets claiming an internal source on the outside interface are the usual countermeasure.
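Added example (not part of the flashcard deck) of the ACL semantics on this card: an ordered rule list evaluated first-match-wins with an implicit deny, plus the anti-spoofing check that catches a forged internal source on the outside interface. The addresses, rules and interface names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR, or "any"
    dst: str                     # destination CIDR, or "any"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # destination port; None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def _in_net(cidr: str, addr: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top-down; the first matching rule decides.
    Returns (action, rule index) or ("deny", None) for the implicit deny."""
    for i, rule in enumerate(acl):
        if _matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed sample (assumed addressing): 10.1.0.0/24 is the admin LAN,
# 192.0.2.0/24 is the screened subnet holding a web server at .10.
ACL = [
    Rule("permit", "10.1.0.0/24", "192.0.2.10/32", "tcp", 22),   # admins may SSH
    Rule("permit", "any",         "192.0.2.10/32", "tcp", 443),  # anyone may use HTTPS
    Rule("deny",   "any",         "192.0.2.0/24",  "any"),       # nothing else into the subnet
]

INTERNAL_NETS = ["10.0.0.0/8", "192.0.2.0/24"]


def evaluate_on_interface(acl: List[Rule], pkt: Packet, ingress: str):
    """Anti-spoofing (ingress filtering): a packet arriving on the outside
    interface must not claim an internal source. Without this check an
    attacker can forge src=10.1.0.5 and hit the SSH permit rule."""
    if ingress == "outside" and any(_in_net(n, pkt.src) for n in INTERNAL_NETS):
        return "deny", "anti-spoof"
    return evaluate(acl, pkt)


if __name__ == "__main__":
    for pkt, iface in [(Packet("10.1.0.5", "192.0.2.10", "tcp", 22), "inside"),
                       (Packet("10.1.0.5", "192.0.2.10", "tcp", 22), "outside"),
                       (Packet("198.51.100.7", "192.0.2.10", "tcp", 443), "outside"),
                       (Packet("198.51.100.7", "192.0.2.10", "tcp", 22), "outside")]:
        print(iface, pkt, "->", evaluate_on_interface(ACL, pkt, iface))
```

Swapping the first two rules would not change these results, but moving the final deny to the top would silently block everything: ordering is the part of ACL review that most often goes wrong.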

27
Q

*3.3 Network segmentation

Screened Subnet (DMZ)

A

A segment isolated from the rest of a private network by one or more firewalls that accept connections from the internet over designated ports.

Focused on providing controlled access to publicly available servers that are hosted within your organizational network.

Hosts behind the screened subnet are not directly reachable from the outside network; the public servers in the subnet are the only exposed hosts, so a compromise there should not give direct access to the internal LAN.

28
Q

*3.3 Network segmentation

Extranet

A

Specialized type of DMZ that is created for your partner organizations to access over a wide area network

29
Q

*3.3 Network segmentation

Intranet

A

A private network segment used by a single organization's own users; unlike an extranet it is not shared with partners or the public

30
Q

*3.3 Network Access Control(NAC)

A

Security technique in which devices are scanned to determine their current state (OS patch level, antivirus status, required configuration) prior to being allowed onto a given network; non-compliant devices are quarantined or given remediation-only access

31
Q

3.5 Mobile Device Management

*Context Aware Authentication

A

Process to check the user's or system's attributes or characteristics prior
to allowing it to connect

§ Restrict authentication based on the time of day, location, device type, or network being used

32
Q

3.8 Authentication/Authorization

*Single Sign-On (SSO)

A

One authentication gives the user access to all of the resources linked to their
profile, so a single set of credentials replaces many
§ Compromised SSO credentials expose every linked resource at once, so SSO should be paired with MFA

33
Q

3.8 Authentication/authorization

*Security Assertion Markup Language (SAML)

A

XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider in federated identity management; the user signs in at the IdP, which issues a signed assertion the service provider trusts

34
Q

3.8 Authentication/authorization

OpenID

A

An open standard and decentralized protocol that is used to
authenticate users in a federated identity management system

User logs into an Identity Provider (IdP) and uses that account at
Relying Parties (RP)

OpenID is easier to implement than SAML

SAML is more efficient than OpenID

35
Q

3.8 Authentication/Authorization

*802.1X

A

Standardized framework used for port-based authentication on wired
and wireless networks

802.1X is an IEEE standard that defines Port-Based Network Access Control (PNAC). It is a data link layer authentication technology used to admit devices to a wired or wireless LAN: the switch port or wireless association stays blocked until the connecting device (supplicant) authenticates.

It does not define EAP itself; it carries EAP (RFC 3748) over the LAN as EAPOL frames between the supplicant and the authenticator (switch or access point), and the authenticator relays the exchange to an authentication server, normally:

RADIUS (the usual choice for 802.1X)
TACACS+ (more often used for administrator logins to network devices)

802.1X can prevent rogue devices from joining the network

36
Q

3.8 Authentication/authorization

*Extensible Authentication Protocol (EAP)

A

A framework of protocols that allows for numerous methods of
authentication including passwords, digital certificates, and public key
infrastructure

§ EAP-MD5 uses a simple password challenge-response (MD5 hash); it authenticates only the client, not the server, and is vulnerable to offline dictionary attacks, so it is unsuitable for wireless

§ EAP-TLS uses digital certificates on both the server and every client for mutual authentication; the strongest option, but it needs a PKI that issues client certificates

§ EAP-TTLS uses a server-side digital certificate to build a TLS tunnel, and the client then authenticates with a password inside that tunnel, so the password is never exposed on the network

37
Q

3.8 Authentication/authorization

Kerberos

A

An authentication protocol, used by Windows Active Directory (and by Unix/Linux realms), that provides two-way (mutual) authentication using a system of tickets issued by a Key Distribution Center (KDC); the user's password never crosses the network

Port 88 (TCP and UDP)

§ The domain controller hosts the KDC, so it can be a single point of failure for Kerberos (deploy more than one); tickets are time-limited, so clocks must be synchronized (Windows tolerates about five minutes of skew by default)

38
Q

3.8 Authentication/authorization

*Password Authentication Protocol (PAP)

A

Used to provide authentication but is not considered secure since it
transmits the login credentials unencrypted (in the clear), so anyone capturing the traffic gets the password; only acceptable inside an already-encrypted tunnel

39
Q

3.8 Authentication/authorization

Challenge Handshake Authentication Protocol (CHAP)

A

Used to provide authentication with a challenge-response: the server sends a random
challenge string, and the client returns a hash (MD5) of the challenge combined with the user's password, so the password itself never crosses the wire; a fresh challenge each time defeats replay of a captured response
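Added example (not part of the flashcard deck) contrasting the PAP and CHAP cards above: a PAP request whose password is a literal field on the wire, and the three-message CHAP exchange (Challenge, Response, Success/Failure) with the response computed as RFC 1994 specifies. The framing is simplified, and the user database and challenge source are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


# --- PAP: the credentials cross the wire in the clear -----------------------
def pap_authenticate_request(username: str, password: str) -> bytes:
    """Simplified PAP Authenticate-Request body: length-prefixed name and
    password. The password is a literal field, readable by anyone on the path."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


# --- CHAP (RFC 1994): the challenge is hashed with the shared secret ---------
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response = MD5(Identifier || secret || Challenge). MD5 is what RFC 1994
    specifies for CHAP; it is the protocol's choice, not a recommendation."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side. It must hold each secret in usable (plaintext-equivalent)
    form to recompute the hash, which is a known drawback of CHAP."""

    def __init__(self, secrets: Dict[str, bytes], rng=os.urandom):
        self._secrets = secrets
        self._rng = rng                             # injectable for deterministic tests
        self._pending: Dict[int, bytes] = {}
        self._next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        self._next_id = (self._next_id + 1) & 0xFF
        chal = self._rng(16)                        # fresh and unpredictable per attempt
        self._pending[self._next_id] = chal
        return self._next_id, chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)  # single use: a captured response cannot be replayed
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(identifier, secret, chal))


def chap_exchange(server: ChapAuthenticator, name: str, secret: bytes) -> Tuple[bool, bytes]:
    """Run the three CHAP messages; return (accepted, bytes an eavesdropper saw)."""
    ident, chal = server.challenge()                # 1. Challenge  (authenticator -> peer)
    resp = chap_response(ident, secret, chal)       # 2. Response   (peer -> authenticator)
    ok = server.verify(ident, name, resp)           # 3. Success / Failure
    return ok, chal + resp


if __name__ == "__main__":
    srv = ChapAuthenticator({"alice": b"s3cret-pw"})   # constructed user database
    print("PAP wire bytes:", pap_authenticate_request("alice", "s3cret-pw"))
    print("CHAP accepted, wire bytes:", chap_exchange(srv, "alice", b"s3cret-pw"))
    print("CHAP wrong secret:", chap_exchange(srv, "alice", b"wrong")[0])
```

What the eavesdropper sees differs: the PAP bytes contain the password, the CHAP bytes contain only a random challenge and an MD5 digest. CHAP still allows an offline dictionary attack on that digest, which is why a tunnel (EAP-TTLS, PEAP) is wrapped around it in practice.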

40
Q

3.3 *Virtual Private Network (VPN)

A

Allows end users to create a tunnel over an untrusted network and
connect remotely and securely back into the enterprise network

§ Client-to-Site VPN or Remote Access VPN

VPN Concentrator:
§ Specialized hardware device that allows for hundreds of simultaneous
VPN connections for remote workers

Split Tunneling:
§ A remote worker's machine diverts internal traffic over the VPN but
external traffic over their own internet connection
§ This bypasses the enterprise's inspection of the user's internet traffic and lets a compromised host bridge the internet and the internal network; prevent split tunneling through proper VPN client configuration (force a full tunnel) and network segmentation

41
Q

3.8 Authentication/authorization

Remote Authentication Dial-In User Service (RADIUS)

A

Provides centralized administration (AAA: authentication, authorization and accounting) of dial-up, VPN, and wireless authentication services; it is the usual back end for 802.1x and the Extensible Authentication Protocol (EAP)

Uses UDP ports 1812 (authentication) and 1813 (accounting), or the older 1645/1646 (UDP) as an alternative

§ RADIUS operates at the application layer and encrypts only the password field of its packets, not the whole message

42
Q

3.8 Authentication/authorization

Terminal Access Controller Access Control System Plus (TACACS+)

A

Cisco-developed AAA protocol that fills the same role as RADIUS but is not a version of it: it separates authentication, authorization and accounting into independent functions, runs over port 49 (TCP), and encrypts the entire packet body rather than just the password, so it is favoured for administering network devices

43
Q

3.8 Access Control Schemes

Discretionary Access Control (DAC)

A
  • The access control policy is determined by the owner of the object
  • DAC is the most commonly used model (e.g., NTFS and Unix file permissions)
    1. Every object in a system must have an owner
    2. Each owner determines access rights and permissions for each
       object
44
Q

3.8 Access Control Schemes

Mandatory Access Control (MAC)

A

An access control policy where the computer system, not the owner,
determines access to an object by comparing the subject's clearance with the
object's classification label

  • The owner chooses the permissions in DAC but in MAC, the
    computer does
45
Q

3.8 Access Control Schemes

Rule-based Access Control

A

Access control in which a fixed set of rules defined by an administrator and
applied to every subject decides whether access is granted or denied (e.g., a
firewall ACL, or a rule allowing logins only between 9 and 5); the rules, not
the owner's choice or the user's role, determine the outcome

46
Q

3.8 Access control schemes

Role-based Access Control (RBAC)

A
  • An access model that is controlled by the system (like MAC) but
    utilizes a set of permissions tied to a role instead of a single data label to
    define the permission level; users are assigned roles, and roles carry the permissions
  • The Windows "Power Users" group is an example of a role-based permission set
47
Q

3.8 Access Control Schemes

Attribute-Based Access Control (ABAC)

A
  • An access model that is dynamic and context-aware, using IF-THEN
    rules over attributes of the subject, the resource, and the environment (time, location, device)
  • If Jason is in HR, then give him access to \\fileserver\HR
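Added example (not part of the flashcard deck) covering the Context Aware Authentication card and the ABAC card: a small deny-overrides policy engine whose IF-THEN rules look at subject, resource and environment attributes, including the "Jason in HR" rule and time-of-day and location context. The policies, users and path are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]


@dataclass
class Policy:
    name: str
    condition: Callable[[Attrs, Attrs, Attrs], bool]   # (subject, resource, environment) -> bool
    effect: str                                        # "permit" or "deny"


def decide(policies: List[Policy], subject: Attrs, resource: Attrs, env: Attrs) -> str:
    """Deny-overrides combining: any matching deny wins; otherwise permit if
    any permit rule matched; otherwise default deny."""
    effects = {p.effect for p in policies if p.condition(subject, resource, env)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"


# Constructed policies (assumed organisational rules, not from the page).
POLICIES = [
    Policy("hr-share",                       # IF subject is in HR THEN permit the HR share
           lambda s, r, e: s.get("department") == "HR" and r.get("path") == r"\\fileserver\HR",
           "permit"),
    Policy("business-hours-only",            # context: time of day (24h clock)
           lambda s, r, e: not (8 <= e.get("hour", -1) < 18),
           "deny"),
    Policy("sensitive-data-on-site-only",    # context: location
           lambda s, r, e: r.get("sensitivity") == "high" and e.get("location") != "office",
           "deny"),
]


def can_access(user: Attrs, path: str, hour: int, location: str,
               sensitivity: str = "normal") -> str:
    resource = {"path": path, "sensitivity": sensitivity}
    env = {"hour": hour, "location": location}
    return decide(POLICIES, user, resource, env)


if __name__ == "__main__":
    jason = {"name": "Jason", "department": "HR"}
    alice = {"name": "Alice", "department": "Finance"}
    print("Jason, office, 10:00 ->", can_access(jason, r"\\fileserver\HR", 10, "office"))
    print("Alice, office, 10:00 ->", can_access(alice, r"\\fileserver\HR", 10, "office"))
    print("Jason, office, 03:00 ->", can_access(jason, r"\\fileserver\HR", 3, "office"))
    print("Jason, home, high   ->", can_access(jason, r"\\fileserver\HR", 10, "home", "high"))
```

The same engine expresses the other schemes on these cards as special cases: a role check is a condition on a "role" attribute, and a rule-based control is a condition that ignores the subject entirely.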
48
Q

3.3 Port spanning/port mirroring

A

One or more switch ports are configured to forward a copy of all of their packets to
another port on the switch, so a sensor plugged into that port (IDS, packet capture) sees the traffic without being inline

49
Q

3.1 Protocols

SNMP

A

A TCP/IP protocol that aids in monitoring network-attached devices and
computers (UDP port 161 for queries, 162 for traps)
§ SNMP is incorporated into a network management and monitoring
system

50
Q

3.1 Protocols

SNMP v3

A

Version of SNMP that provides integrity, authentication, and encryption
of the messages being sent over the network; v1 and v2c authenticate only with a community string sent in the clear, so v3 should be used

101
Q

Uses digital signatures to provide an assurance that the software code
has not been modified after it was submitted by the developer

A

3.2 Application security

Code Signing

102
Q

Allow all of the subdomains at one level (e.g., *.example.com covers www.example.com
but not example.com itself or a.b.example.com) to use the same public key certificate and
have it displayed as valid
§ Wildcard certificates are easier to manage, but every host shares one private key, so a compromise of any of them affects all

A

3.9 Types of certificates

Wildcard Certificates

103
Q

Allows a certificate owner to specify additional domains and IP addresses
to be supported
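Added example (not part of the flashcard deck) of how a client matches a hostname or IP against the Wildcard Certificates and Subject Alternative Name cards above: a matcher following the RFC 6125 rules that browsers enforce (wildcard only as the whole left-most label, covering exactly one label), and SAN lookup that keeps DNS names and IP addresses separate. The SAN lists are constructed for the example.

```python
import ipaddress
from typing import List


def wildcard_match(pattern: str, hostname: str) -> bool:
    """Match a certificate DNS name against a hostname with the RFC 6125 rules
    browsers enforce: case-insensitive; '*' allowed only as the whole left-most
    label; it matches exactly one label; and at least two fixed labels must
    follow it, so '*.com' is refused."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False            # partial wildcards such as 'w*.example.com' refused
    return p == h


def cert_matches(dns_sans: List[str], ip_sans: List[str], target: str) -> bool:
    """A client connecting to `target` accepts the certificate when `target`
    is covered by one of its SAN entries. An IP target matches only iPAddress
    SANs, never a DNS name; a hostname matches only dNSName entries."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return any(wildcard_match(name, target) for name in dns_sans)
    return any(ip == ipaddress.ip_address(x) for x in ip_sans)


# Constructed SAN lists (assumed; not from the page).
WILDCARD_CERT = (["example.com", "*.example.com"], [])
MULTI_SAN_CERT = (["api.example.com", "example.net"], ["192.0.2.10"])

if __name__ == "__main__":
    for target in ["www.example.com", "example.com", "a.b.example.com", "example.org"]:
        print(f"wildcard cert covers {target}:", cert_matches(*WILDCARD_CERT, target))
    for target in ["192.0.2.10", "192.0.2.11", "example.net", "www.example.net"]:
        print(f"multi-SAN cert covers {target}:", cert_matches(*MULTI_SAN_CERT, target))
```

The one-label rule is the practical limit of a wildcard certificate: a.b.example.com needs its own entry (or a *.b.example.com wildcard), and the bare apex example.com is only covered because it is listed explicitly alongside the wildcard.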

A

3.9 Public Key Infrastructure (PKI) and Types of Certificates

Subject Alternative Name (SAN)