Fundamentals IT Flashcards

1
Q

Caesar Cipher

A

A substitution cipher in which each letter of the plaintext is replaced by another letter to produce the ciphertext; deciphering requires shifting the letters back by a certain amount

2
Q

Kerckhoffs' Principles

A

6 principles that should serve as the basis for all cryptographic systems.

3
Q

Symmetric cryptography

A

uses a single key to both encrypt the plaintext and decrypt the ciphertext

4
Q

Asymmetric cryptography

A

uses 2 keys, a public and a private key

5
Q

Block Cipher

A

takes a predetermined number of bits of binary data, called a block, and encrypts the block as a unit

6
Q

Stream Cipher

A

encrypts the plaintext one bit at a time

7
Q

ECC (elliptic curve cryptography)

A

uses shorter keys while maintaining a higher cryptographic strength

8
Q

DES

A

a block cipher that uses a 56-bit key; the length of the key determines the strength of the algorithm

9
Q

3DES

A

3DES uses 3 rounds of DES

10
Q

Deterrence

A

letting people or employees know that they will be held accountable for their actions if they step out of line, deterring them from even attempting to act on bad intentions

11
Q

The Brewer and Nash model

A

if you access (A) files, you lose access to (B) files, and vice versa

12
Q

The Biba Model

A

those with high-level access cannot access lower-classification data, and those with lower classification cannot alter higher-classification data

13
Q

Attribute Based Access Control

A

access is granted based on specific attributes of a person, resource, or environment

14
Q

Mandatory Access Control

A

the owner doesn't get to decide who has access; a separate group or individual has the authority to set who can access

15
Q

DAC (Discretionary access control)

A

the owner gets to decide who has access and what level of access they have

16
Q

Capabilities

A

a user's token or key, known as a capability, which could be likened to a badge used to enter a building. Everyone can enter the same door, but some have the capability to enter at any time while others can only enter within a specific timeframe

17
Q

Clickjacking

A

an attacker must control some portion of a website and place an invisible layer on top of something a person might click, which executes a command to do what the attacker wants, such as making purchases or stealing information

18
Q

Black Holes

A

large-scale filtering in which traffic is sent to filtered destinations and appears to have vanished into a black hole

19
Q

FAR (False acceptance rate)

A

how often you accept a user who should be rejected

20
Q

FRR (false rejection rate)

A

how often we reject a legitimate user

21
Q

Mutual Authentication

A

authentication method where both parties in a transaction authenticate each other

22
Q

Entropy in passwords

A

the classic strong-construction scheme of creating passwords 8 characters or longer which use symbols, numbers, and lowercase and uppercase characters

23
Q

Fabrication attack

A

generating fake information

24
Q

Interception attack

A

affects confidentiality; takes the form of unauthorized viewing, copying, eavesdropping, or reading someone else's email

25
Modification attack
modifies or tampers with data of a file or other information
26
Interruption attack
makes assets unusable or unavailable for a set period of time or permanently
27
Parkerian Hexad
uses the CIA Triad model but also includes 3 more principles: possession or control, authenticity, and utility
28
Possession or control
physical disposition of the media on which data is stored
29
Authenticity
allows you to say whether the data has been attributed to the proper owner or creator
30
Utility
how useful the data is to you
31
32
Regulatory Compliance
adherence to the laws specific to the industry you are operating in
33
Industry Compliance
regulations that are not mandated by law but carry severe consequences for your business if you are not compliant
34
PCI DSS (Payment Card Industry Data Security Standard)
regulations that govern the processing of credit cards and any information associated with the card
35
FISMA (Federal Information Security Management Act)
applies to all federal agencies, requiring them to implement security controls
36
SOX (Sarbanes Oxley Act)
regulates financial data operations and assets for publicly held companies
37
GLBA (Gramm Leach Bliley Act)
aims to protect PII (personally identifiable information)
38
CIPA (Children's Internet Protection Act)
requires schools and libraries to prevent children from accessing harmful content on the internet
39
COPPA (Children's Online Privacy Protection Act)
protects minors younger than 13 by restricting organizations from collecting their PII
40
FERPA (Family Educational Rights and Privacy Act)
protects students' records; once students turn 18, the rights to the records shift from the parents to the students
41
GDPR (General Data Protection Regulation)
covers data protection and privacy for all individuals in the European Union
42
Laws of OPSEC
First Law: if you don't know the threat, how do you know what to protect? Second Law: if you don't know what you are protecting, then how do you know you are protecting it? Third Law: if you are not protecting it, the DRAGON WINS
43
Competitive intelligence
gathering intelligence in order to make business decisions
44
Pretexting
attacker uses information gathered to disguise themselves as a manager, customer, reporter, etc. to convince targets to give up sensitive information
45
Phishing
attacker uses communication channels like email, phone calls, and texts to try to get the user to click on a malicious link that contains malware
46
RAID (Redundant Array of Independent Disks)
takes multiple hard drives and allows them to be used as one large hard drive with added benefits
47
Firewall
a network security control that manages the traffic flowing in and out of networks
48
Packet Filtering
the firewall looks at the contents of each packet entering and decides whether to allow or disallow it
49
Stateful Packet Inspection
watches traffic over a given connection
50
Deep Packet Inspection
the same as stateful packet inspection but goes further by actually inspecting the contents of the packet
51
Proxy Servers
provide a layer of security on devices, usually for applications like mail or web browsing, and add choke points
52
DMZ (Demilitarized zone)
separates a device from the rest of the network, as in the example of the Intranet zone, Extranet zone, and Internet
53
Scanners
hardware or software tools that enable you to interrogate devices and networks for information, like port scanners that gather information on ports and vulnerability scanners that find weak points in a system
54
Packet Sniffers
a tool that can intercept traffic on a network and view it whether or not you were the intended recipient
55
Honeypot
bait in the form of a fake vulnerability; attackers are tricked into thinking they are attacking the real thing but are instead being monitored and observed, so defenders can learn how they carry out attacks and how they think
56
Operating system hardening
reducing every way vulnerabilities can be exposed to attackers by uninstalling software that is not being used, closing ports that aren't used, adding antivirus software, performing updates, applying the principle of least privilege, and turning on logging and auditing
57
Buffer Overflow
when you put in more data than the application is expecting; for example, you put in 10 digits when the app only requires 8 digits in the field
58
Jailbreaking
modifying a device and removing its restrictions to bypass security features
59
Authentication attacks
attacks that attempt to gain access to resources without the proper credentials to do so
60
Authorization attacks
attack to gain access to resources without the proper authorization to do so
61
Client side attacks
attacks that take advantage of weaknesses in software loaded on users' clients, or social engineering against clients
62
Server side attacks
vulnerabilities on the server side of transactions: the web server, its software and version, and scripting languages
63
Arbitrary code execution
attackers have the ability to execute commands of their choosing on a system without restriction; they are able to do this because of security flaws in scripting languages
64
Privilege Escalation
attacks that increase the level of access beyond what you are authorized for, to gain higher access and carry out attacks at a higher level
65
Black Box
penetration testing where the tester has no knowledge of the environment or entity
66
Grey Box
penetration testing where the tester has some insider knowledge of the environment but not everything
67
White box
penetration testing where the tester has all insider knowledge of the environment
68
Bug bounty programs
an organization offers rewards to individuals who find vulnerabilities in its resources; depending on the severity of the bug, they are compensated monetarily or in other ways
69