General Security Concepts Flashcards
What threat actor is most likely to be hired by a foreign government to attack critical systems in other countries?
Organized crime
What security control type does an acceptable use policy best represent?
Preventative
What is a risk register?
A tool used in risk management that records details of all identified risks, making it easier to manage and track them
What is a group or individual that is sponsored by a government to conduct cyber operations against other nations/organizations/individuals called?
Nation-state actor
According to the shared responsibility model, which role is responsible for securing the company’s database in an IaaS model for a cloud environment?
Client
What allows for the attribution of messages to individuals?
Non-repudiation
In the CIA triad, what is Availability?
Information is able to be stored, accessed, or protected at all times
In the CIA triad, what is Integrity?
- Information has not been modified or altered without proper authorization
- Hashes
In the CIA triad, what is Confidentiality?
- The information has not been disclosed to unauthorized people
- Encryption
When does non-repudiation occur?
When you have proof that someone has taken an action
What are some examples of non-repudiation?
- Digital signatures
- Message authentication code (MAC)
What are examples of administrative controls?
- Policies
- Procedures
- Security awareness training
- Contingency planning
- Disaster recovery plans
What is an example of regulatory controls?
HIIPA
Whare are examples of technical controls?
- Smart cards
- Encryption
- ACLs
- IDS
- Network authentication
What threat actor is described as having limited skill and only running other people’s exploits and tools?
Script kiddies