Final Exam Flashcards
What is CIA?
Confidentiality, Integrity, Availability. How do we keep something secret, how do we control modification, and how can we make sure that it can be accessed?
What is authentication? What are the four ways of validating?
What you know, what you are, where you are, something you have. It is the process of identifying someone’s identity
What are the three kinds of access models and what do they do?
Discretionary, mandatory, and role-based. Discretionary: an individual sets the access control. Mandatory: the system sets the access control and the individual can't make edits. Role-based: controls are based on roles, not individuals.
What are examples of symmetric crypto?
AES, 3DES
How many keys are used in symmetric crypto?
1
How many keys are used in asymmetric crypto?
2
What are examples of asymmetric crypto?
SHA, MD5
Why can’t you unhash?
Because you run crypto with additional text so that everything gets mixed up
What are some mitigation strategies that should be employed?
Whitelist applications. Find trusted applications that need to be used and block all others. Patch applications within two days of finding risks. Patch the operating system within two days of finding risks, and minimize the number of users
What are the PII principles? (7)
Notice, Purpose, Consent, Security, Disclosure, Access, Accountability
What are the top OWASP threats?
Injections, broken authentication, cross-site scripting
How can you protect your Wi-Fi?
Use WPA2 instead of WEP
What is the internet of things?
Connection of physical things to the internet. RFID, security cameras, etc.
How can we create a risk assessment for Heartbleed?
Use DREAD and FAIR
How did the NSA use testing to find Heartbleed in 2013?
s