Exam Study Cards Flashcards
What are the primary objectives/goals of security?
To maintain confidentiality, integrity, and availability (CIA).
What is confidentiality?
Confidentiality means that objects should not be disclosed to subjects that do not have authorization.
What is integrity?
Integrity means that data/objects remain unchanged and are not intentionally altered by unauthorized subjects.
What is availability?
Availability means that the subjects that are authorized have consistent and uninterrupted access to objects.
What is the CIA triad?
The CIA triad contains the concepts of confidentiality, integrity, and availability, which are the three vital principles of security.
What is identification and how does it work?
Identification is what a subject has to provide to a system in the first step of gaining authentication, authorization and accountability.
What is authentication and how does it work?
Authentication means to verify that the identity entered into the system is valid. Information (password) is entered by the subject after providing identification (login ID) and the two must correspond to each other to gain access.
What is security governance?
Security governance is the collection of practices related to defining, guiding, and supporting organizational security efforts.
What is auditing and how does it work?
Auditing is the systematic way for subjects to be held accountable for any actions they performed as authorized users of a system. Auditing detects unauthorized or nefarious activities on a system. Auditing also keeps track of attempted intrusions and any system failures/outages. Because of its tracking mechanisms, auditing can produce logs and analysis of those logs as well as provide them for prosecution evidence.
What is accountability?
Accountability holds subjects accountable for their actions. Accountability can only successfully work once identity is authenticated. Security policies need accountability in order to be enforced.
What is nonrepudiation?
This ensures that a subject cannot deny that they performed an action or an event occurred.
What kind of plans are included in security management and what do they do?
Strategic plans - long-term and stable, defining the goals, missions, and objectives of the organization.
Tactical plans - mid-term plans that are formed to provide a more detailed account on how to accomplish the goals in the strategic plan.
Operational plans - short-term, very detailed and concise plans that carry out the strategic and tactical plans.
What is data remanence?
This is the data that was deleted but actually ends up remaining until it is overwritten.
What can you do to eliminate residual data that still remains after it was deleted?
- Clearing
- Purging
- Degaussing
- Overwriting with 1's and 0's
- Destruction
- Encryption
What is the most valuable asset to an organization?
People. Any risk that involves the loss of life is the highest risk and must be mitigated.
What is ROI?
The amount of money saved by implementing a safeguard. If the annual total cost of ownership (TCO) is less than the annual loss expectancy (ALE), this equates to a positive ROI.
What are the objectives/goals of information risk management?
- Identify assets and their value
- Identify the vulnerabilities and threats to the assets
- Quantify the probability and business impacts of potential threats (risks)
- Determine the needs
- Deploy a positive ROI safeguard
- Monitor and evaluate systems and practice
- Promote and spread security awareness
What does encryption provide?
Confidentiality by denying unauthorized reads.
Authenticity by validating the source of the message to ensure the sender is who they proclaim to be.
Integrity by denying unauthorized writes AND assurance that the message was not modified.
Non-repudiation by establishing that a subject cannot deny performing an action.
What is Kerckhoff’s Principle?
Principle that maintains that only the key should be kept secret while algorithms are publicly known.
What is an unbreakable cipher?
A one-time pad.
What is hybrid encryption?
Using symmetric encryption to encrypt messages and asymmetric encryption to encrypt the symmetric key.
What is a digital certificate?
A public key signed with a digital signature.
What is HMAC?
HMAC (Hash-based Message Authentication Code) gives integrity and authenticity by combining symmetric encryption with hashing. It is used by IPsec.
What is an APT group?
An APT (Advanced Persistent Threat) group has the ability to coordinate very sophisticated attacks.
What is TPM?
TPM (Trusted Platform Module) is a hardware encryption method that uses a storage root key. Typically used to encrypt hard drives on laptops.
What is redundancy?
A method used to prevent data loss on a server.
What is a white box tester?
A tester that has full authorized access to product documentation, including the code and data structures used by the application.
What is a black box tester?
A tester that does not have access to product documentation or any prior experience with an application.
What is a secure DNS zone transfer?
A mechanism that prevents attackers from downloading data that maps IP addresses to devices.
What is a cognitive password?
A password that an attacker is able to form/gain based on personal identifying information (PII) posted on social media websites.
What is PAT?
PAT (Port Address Translation) is the protocol that allows internal computers to share one public IP address.
What is virtualization?
A method that allows multiple servers to operate on a single physical server.
What is SNMP?
SNMP (Simple Network Management Protocol) is used to manage and monitor switches and routers.
What are methods to detect changes in files?
- MD5 (Message Digest 5)
- SHA (Secure Hash Algorithm)
- HMAC (Hash-based Message Authentication Code)
What is CRL?
CRL (Certificate Revocation List) is a list that identifies revoked certificates and is unrelated to sharing encryption keys.
What is NDP?
NDP (Neighbor Discovery Protocol) is used by IPv6 to resolve IPv6 addresses to media access control (MAC) addresses.
What is RADIUS?
RADIUS (Remote Authentication Dial-In User Service) is an authentication service for remote users and devices.
What is Diameter?
Diameter is an authentication service for remote users and devices. It is more secure than RADIUS.
What is ECDHE?
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) allows negotiation of encryption keys securely over a public network.
What is a WPA cracking attack?
A WPA (Wi-Fi Protected Access) cracking attack captures traffic and performs an offline brute-force attack to discover/steal the encryption key.
What is a WPS attack?
A brute-force attack that does not need to wait for an authorized client to connect.
What is an initialization vector attack?
An attack that often uses packet injection techniques to generate more traffic in WEP attacks.
What is full-device encryption?
Encryption that can be implemented to safeguard the confidentiality of data if a mobile device is lost or stolen.
What is application whitelisting?
A method that identifies and lists authorized software and prevents users from installing or running any other software.
What is a yagi antenna?
A high-gain directional antenna with a very narrow radiation pattern. It is a desired choice for providing connectivity between two buildings without running any physical media (cables).
What is Blowfish?
A symmetric block cipher that provides strong encryption for processing payment card data. Works very fast.
How is ALE calculated?
ALE = SLE x ARO
What is the most important purpose of classifying information?
To identify security classifications for sensitive data and define the requirements to protect that sensitive data.
How is the classification of data determined?
Based on its value to an organization.
What is purging?
Removing all data by writing over existing data multiple times to ensure data cannot be recovered.
Why is sanitization likely to be unreliable?
Because personnel can perform the purging, degaussing, or other processes improperly.
What is destruction?
The most secure method of eliminating data on optical media (DVD).
What is the problem with remanence?
It does not completely eliminate data.
What is SSH?
A secure alternative for connecting to a remote server for administration. It encrypts data transmitted over a network.
What are the duties of a data custodian?
To perform day-to-day tasks to protect the CIA of data as directed by senior management by doing backups, verifying data integrity, implementing security solutions and managing storage by classification label.
What is Bcrypt?
Encryption method based on Blowfish that encrypts passwords on Linux by adding 128 additional bits as a salt to combat rainbow table attacks.
What are the “Rules of Behavior”?
Rules that identify appropriate use and protection of data. This applies to subjects/users, not systems or security controls.