Encryption Flashcards

1
Q

What are the 5 steps in Risk Assessment

A

1) Assets
2) Vulnerability
3) Threat
4) Adversary
5) Consequence

2
Q

What is the best way to tailor security controls

A

Tailor controls specific to your assets to minimise the burdens

3
Q

What is the 3 word acronym for security parameters

A

C - Confidentiality
I - Integrity
A - Availability

4
Q

What is the extended acronym for security parameters

A

CIA
P - Possession
A - Authenticity
N - Non-repudiation
A - Authorisation

5
Q

Define Confidentiality

A

when we want an asset to remain undisclosed

6
Q

Define Integrity

A

Ensuring the accuracy and completion of an asset

7
Q

Define Availability

A

The asset must be available and functioning when we need it e.g. not destroyed or encrypted

8
Q

Define Possession

A

Ensuring that the asset remains in the right hands and not stolen

9
Q

Define Authenticity

A

Validity of claim of origin or authorship

10
Q

Define Non-Repudiation

A

Ensures that neither the sender nor the receiver can deny fulfillment of either end of a contract

11
Q

What are the 3 main types of protection

A

Prevention
Detection
Recovery

12
Q

Define Prevention

A

Preventing files from being compromised e.g. encryption or keeping keys hidden

13
Q

Define Detection

A

Being able to detect an attacker e.g. using deliberate traps, canary tokens and other notification triggers

14
Q

Define Recovery

A

Having the ability to recover what is lost

15
Q

What is the Zero Trust Model

A

Everything done involves a factor of risk. Evaluate and Distribute the trust

16
Q

How would you distribute the trust when you need to upload files to a cloud-based storage

A

1) Can’t trust cloud service
2) Back-up files in separate location
3) Encrypt uploaded files using hash only you have access to

17
Q

How would you distribute the trust when downloading an untrusted app

A

Run it in an isolated VM or sandbox to trap any malware

18
Q

What is encryption?

A

Turning readable text into unreadable ciphertext

19
Q

Pros and cons of high bit-rate algorithm

A

More secure but takes longer to encrypt and decrypt

20
Q

What is a brute force attack?

A

When you try to guess a password by trying all possible combinations

21
Q

What is a dictionary attack?

A

Using all the words in the dictionary

22
Q

What is symmetric encryption?

A

Symmetric encryption uses 1 key
Is used in most encryption protocols
Is fast and currently ‘unbreakable’
Common standard for HTTPS, Tor, SSH etc.

23
Q

What is Asymmetric encryption?

A

The use of 2 keys, one public and one private

24
Q

What are some common asymmetric key algorithms

A

RSA
Elliptic curve cryptosystem (ECC)
Diffie-Hellman (DH)

25
Q

If you encrypt with the sender's private key, what do you need to decrypt

A

The sender's public key - Authentication of sender

26
Q

If you encrypt with the receiver's public key, what is needed to decrypt

A

The receiver's private key - Confidentiality, only receiver can decrypt message

27
Q

What is a Crypto system

A

The use of various crypto techniques in combination

28
Q

Pros and cons of Asymmetric Algorithms

A

Better key distribution
Can place pub key on site but only intended reader can decipher with priv key
Authentication & Non-Repudiation
Very slow compared to symmetric
Mathematically intensive (higher bit-rate)

29
Q

Pros and Cons of symmetric algorithms

A

Fast & Strong
Not scalable - Sending an encrypted file to 10 people requires 10 keys to also be sent out

30
Q

What is a Digital Signature?

A

A hash value (digest) that is encrypted with the sender's private key

31
Q

What security parameters are provided by hashing?

A

Confidentiality
Integrity
Authentication
Non-Repudiation