exam2 x2 Flashcards
explain hashing
Hashing provides a one-way cryptographic algorithm that allows for the secure storage of passwords.
explain digital signatures
Digital signatures use hashing and asymmetric encryption to ensure integrity
and non-repudiation of data.
explain data encryption
-Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted)
-Data encryption ensures that information can be securely transmitted from a
source to a destination.
explain key escrow
Key escrow is commonly used as a method of storing decryption keys with a
trusted third party.
briefly describe certificate authorities
Certificate authorities are used as a method of trusting a certificate. If a
certificate has been signed by a trusted CA, then the certificate owner can also
be trusted.
briefly describe Perfect forward secrecy
Perfect forward secrecy uses temporary encryption keys that change between
sessions. This constant switching of keys makes it more difficult for a third-party to decrypt the data.
briefly explain data sovereignty
Data sovereignty
• Data sovereignty
– Data that resides in a country is subject to
the laws of that country
– Legal monitoring, court orders, etc.
• Laws may prohibit where data is stored
– GDPR (General Data Protection Regulation)
– Data collected on EU citizens must be stored in the EU
– A complex mesh of technology and legalities
• Where is your data stored?
– Your compliance laws may prohibit
moving data out of the country
briefly explain data masking
Data masking
• Data obfuscation
– Hide some of the original data
• Protects PII
– And other sensitive data
• May only be hidden from view
– The data may still be intact in storage
– Control the view based on permissions
• Many different techniques
– Substituting, shuffling, encrypting, masking out, etc.
briefly explain data at rest
Data at-rest
• The data is on a storage device
– Hard drive, SSD, flash drive, etc.
• Encrypt the data
– Whole disk encryption
– Database encryption
– File- or folder-level encryption
• Apply permissions
– Access control lists
– Only authorized users can access the data
briefly explain data in transit
Data in-transit
• Data transmitted over the network
– Also called data in-motion
• Not much protection as it travels
– Many different switches, routers, devices
• Network-based protection
– Firewall, IPS
• Provide transport encryption
– TLS (Transport Layer Security)
– IPsec (Internet Protocol Security)
briefly explain data in use
Data in-use
• Data is actively processing in memory
– System RAM, CPU registers and cache
• The data is almost always decrypted
– Otherwise, you couldn’t do anything with it
• The attackers can pick the decrypted information
out of RAM
– A very attractive option
• Target Corp. breach - November 2013
– 110 million credit cards
– Data in-transit encryption and data at-rest encryption
– Attackers picked the credit card numbers out of the
point-of-sale RAM
briefly explain tokenization
Tokenization
• Replace sensitive data with a non-sensitive placeholder
– SSN 266-12-1112 is now 691-61-8539
• Common with credit card processing
– Use a temporary token during payment
– An attacker capturing the card numbers
can’t use them later
• This isn’t encryption or hashing
– The original data and token aren’t mathematically related
– No encryption overhead
briefly explain Information Rights Management (IRM)
Information Rights Management (IRM)
• Control how data is used
– Microsoft Office documents, email messages, PDFs
• Restrict data access to unauthorized persons
– Prevent copy and paste
– Control screenshots
– Manage printing
– Restrict editing
• Each user has their own set of rights
– Attackers have limited options
A transportation company is installing new wireless access points in their
corporate offices. The manufacturer estimates that the access points will
operate an average of 100,000 hours before a hardware-related outage.
Which of the following describes this estimate?
❍ A. MTTR
❍ B. RPO
❍ C. RTO
❍ D. MTBF
The Answer: D. MTBF
The MTBF (Mean Time Between Failures) is the average time expected
between outages. This is usually an estimation based on the internal device
components and their expected operational lifetime.
The incorrect answers:
A. MTTR
MTTR (Mean Time to Repair) is the time required to repair a product or
system after a failure.
B. RPO
RPO (Recovery Point Objectives) define how much data loss would be
acceptable during a recovery.
C. RTO
RTO (Recovery Time Objectives) define the minimum objectives required
to get up and running to a particular service level.
An organization has traditionally purchased insurance to cover a
ransomware attack, but the costs of maintaining the policy have increased
above the acceptable budget. The company has now decided to cancel the
insurance policies and deal with ransomware issues internally. Which of
the following would best describe this action?
❍ A. Mitigation
❍ B. Acceptance
❍ C. Transference
❍ D. Risk-avoidance
The Answer: B. Acceptance
Risk acceptance is a business decision that places the responsibility of the
risky activity on the organization itself.
The incorrect answers:
A. Mitigation
If the organization was to purchase additional backup facilities and update
their backup processes to include offline backup storage, they would be
mitigating the risk of a ransomware infection.
C. Transference
Purchasing insurance to cover a risky activity is a common method of
transferring risk from the organization to the insurance company.
D. Risk-avoidance
To avoid the risk of ransomware, the organization would need to
completely disconnect from the Internet and disable all methods that
ransomware might use to infect a system. This risk response technique
would most likely not apply to ransomware.