Fundamentals of security Flashcards
What does Non-Repudiation guarantee?
An action or event cannot be denied (e.g., digital signatures).
What are the conditions where no risk exists?
If there is a threat but no matching vulnerability, or a vulnerability but no threat, there is no risk.
What does Integrity ensure in the context of data?
Accuracy and trustworthiness of data over its entire lifecycle.
What are five methods used to maintain data integrity?
Hashing, Digital Signatures, Checksums, Access Controls, Regular Audits
What is hashing?
A process that converts data into a fixed-size value.
What does availability ensure in the context of information systems?
It ensures that information, systems, and resources are accessible and operational when needed by authorized users.
What is redundancy in the context of systems and network design?
It is the duplication of critical components or functions to enhance the reliability of the system.
What are the types of redundancy in system and network design?
Server Redundancy, Data Redundancy, Network Redundancy, and Power Redundancy are types of redundancy used to improve reliability and availability.
What is a digital signature and how is it created?
A digital signature is unique to each user. It is created by hashing a message and then encrypting the hash with the user’s private key using asymmetric encryption.
What are the five commonly used authentication methods?
Something you know (Knowledge Factor)
Something you have (Possession Factor)
Something you are (Inherence Factor)
Something you do (Action Factor)
Somewhere you are (Location Factor)
What is Multi-Factor Authentication (MFA)?
A security process that requires users to provide multiple methods of identification to verify their identity.
What is the function of Syslog Servers?
They aggregate logs from various network devices and systems for analysis to detect patterns or anomalies.
What do Network Analysis Tools do?
They capture and analyze network traffic, offering detailed insights into data movement within a network.
What are Security Information and Event Management (SIEM) Systems?
They provide real-time analysis of security alerts generated by hardware and software infrastructures.
What is Gap Analysis?
A process that evaluates the differences between an organization’s current performance and its desired performance.
What are the steps involved in conducting a gap analysis?
Define the scope of the analysis.
Gather data on the current state of the organization.
Analyze the data to identify gaps between current and desired performance.
Develop a plan to bridge the identified gaps.
What is Technical Gap Analysis?
It involves evaluating an organization’s current technical infrastructure to identify deficiencies relative to the technical capabilities required for optimal security solutions.
What is Business Gap Analysis?
It involves evaluating an organization’s current business processes to identify deficiencies relative to the capabilities required to fully utilize cloud-based solutions
What is Zero Trust?
A security model that demands verification for every device, user, and transaction within the network, regardless of origin.
