General Security Concepts

Question 1

CIA

Answer 1

Confidentiality, integrity, availability

Question 2

Confidentiality

Answer 2

Concept of preventing the disclosure of information to unauthorized parties.

Question 3

Integrity

Answer 3

Protecting the data from unauthorized alteration.

Question 4

Availability

Answer 4

Access to system/data by authorized personnel.

Question 5

Authentication

Answer 5

Process of determining the identity of a user.

Question 6

authorization

Answer 6

the mechanisms to ensure that only valid users are permitted to perform specific allowed actions.

Question 7

Three general methods used in authentication.

Answer 7

Something you know (password)
Something you have (cac card)
Something about you (bio-metrics)

Question 8

Elements of Authorization

Answer 8

A requester
The object
type or level of access

Question 9

Accounting / Auditing

Answer 9

Means of measuring activity.(IT Example, critical elements of activity)

Question 10

Non-repudiation

Answer 10

Concept of preventing a subject from denying a previous action with an object in a system.

Question 11

Session Management

Answer 11

Design and implementation of controls to ensure that communication channels are secured from unauthorized access and disruption of communication.

Question 12

Exception Management

Answer 12

process of handling errors and unknown conditions

Question 13

TCP

Answer 13

Transmission Control Protocol

Question 14

UDP

Answer 14

User Datagram Protocal (connectionless/sessionless)

Question 15

Secure Design Tenets

Answer 15

Good Enough Security
Least Privilege
Separation of Duties
Defense in Depth
Fail Safe

Question 16

Separation of Duties

Answer 16

Ensures that for any given task, more than one individual needs to be involved.

Question 17

Defense in Depth

Answer 17

Layered Security