IAS Flashcards

1
Q

is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation

A

Information Assurance (IA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

study on how to recover should any of those happen.

A

Information Assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

5 aspects of information needed protection

A

Availability, Integrity, Confidentiality, Authentication, Non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

timely, reliable access to data and information services for authorized users;

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

protection against unauthorized modification or destruction of information;

A

integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

assurance that information is not disclosed to unauthorized persons;

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

security measures to establish the validity of a transmission, message, or originator.

A

Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

assurance that the sender is provided with proof of a data delivery

A

Non- repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

True or False: IT security cannot be accomplished in a vacuum

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Four Major categories of Information Assurance

A

Physical Security, personnel security, IT security, Operational Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.

A

Physical Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

6 Proper Practice of Information Assurance

A

-enforcing hard-to-guess passwords
- encrypting hard drives
- locking sensitive documents in a safe
- assigning security clearances to staffers
- using SSL for data transfer
- having off-site back up of documents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction,

A

Personnel Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

action or inaction by insiders and known outsiders, such as business partners.

A

Personnel Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

is the inherent technical features and functions that collectively contribute to an IT infrastructure

A

IT security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

involves the implementation of standard operational security procedures

A

Operational Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Purpose of operational security

A

achieve and sustain a known secure system state at all times
-prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

According to _________, a computing environment is made up of five continuously interacting components

A

Raggad’s taxonomy of information security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

5 continuously interacting components

A

activities, people, data. technology and network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

According to ______, IA can be thought of as protecting information at three distinct levels

A

Blyth and Kovacich

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

3 distinct levels

A

Physical
-information infrastructure
- perceptual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

data and data processing activities in physical space;

A

Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

information and data manipulation abilities in cyberspace;

A

information infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

knowledge and understanding in human decision space.

A

Perceptual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the lowest level focus of IA?

A

Physical Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Computers, physical networks, telecommunications and supporting systems such as power, facilities and environmental controls

A

Physical Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

At this level people are the one who manage the systems.

A

Physical Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

A

Desired effects(Physical level)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.

A

Attackers Operations ( Physical level)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

physical security, OPSEC, TEMPEST

A

Defenders Operations ( Physical Level)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

COMPSEC meaning:

A

Computer security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

COMSEC:

A

Communications and network security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

ITSEC

A

both COMPSEC and COMSEC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is the second level focus of IA?

A

Infrastructure level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

OPSEC

A

operations security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

 This covers information and data manipulation ability maintained in cyberspace, including: data structures, processes and programs, protocols, data content and databases.

A

Infrastructure Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.

A

Desired effects ( IL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.

A

Attackers Operation (IL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

A

Defenders Operation (IL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is the third level of IA?

A

Perceptual Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

 This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions.

A

Perceptual Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

to influence decisions and behaviors

A

Desired effects ( PL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

psychological operations such as: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust.

A

Attackers Operation (PL)

42
Q

personnel security including psychological testing, education, and screening such as biometrics, watermarks, keys, passwords

A

Defenders Operation (PL)

43
Q

It is the flip side of information assurance

A

Information Warfare

44
Q

involves managing an opponent’s perception through deception and psychological operations. In military circles, this is called Truth Projection.

A

TYPE I

45
Q

gathers intelligence by exploiting the opponent’s use of information systems.

A

TYPE III

45
Q

involves denying, destroying, degrading, or distorting the opponent’s information flows to disrupt their ability to carry out or coordinate operations.

A

TYPE II

46
Q

6 offensive players of IW

A

Insiders, Hackers, Criminals, Corporations, Government and terrorists

47
Q

consists of employees, former employees and contractors.

A

Insiders

48
Q

one who gains unauthorized access to or breaks into information systems for thrills, challenge, power, or profit.

A

Hackers

49
Q

target information that may be of value to them: bank accounts, credit card information, intellectual property, etc.

A

Criminals

50
Q

actively seek intelligence about competitors or steal trade secrets.

A

Corporations

51
Q

seek the military, diplomatic, and economic secrets of foreign governments, foreign corporations, and adversaries. May also target domestic adversaries.

A

Government and agencies

52
Q

usually politically motivated and may seek to cause maximal damage to information infrastructure as well as endanger lives and property.

A

Terrorists

53
Q

Protection Pillars f IA

A

“ensure the availability, integrity, authenticity, confidentiality, and non-repudiation of information”

54
Q

IA is both proactive and reactive involving

A

protection, detection, capability restoration, and response.

55
Q

“timely attack detection and reporting is key to initiating the restoration and response processes.”

A

Attack Detection

56
Q

“relies on established procedures and mechanisms for prioritizing restoration of essential functions.

A

Capability Restoration

57
Q

may rely on backup or redundant links, information system components, or alternative means of information transfer.”

A

Capability Restoration

58
Q

the resource being protected, including: physical assets: devices, computers, people; logical assets: information, data (in transmission, storage, or processing),

A

Asset

59
Q

the items being protected by the system (documents, files, directories, databases, transactions, etc.)

A

Objects

60
Q

entities (users, processes, etc.) that execute activities and request access to objects.

A

Subjects

61
Q

operations, primitive or complex, that can operate on objects and must be controlled

A

Actions

61
Q

7 Critical Aspects: Information assets (objects) may have critical aspects:

A

Availability, accuracy, authenticity, confidentiality, integrity, utility, possession

61
Q

in the Unix operating system, processes (___) may have permission to perform read, write or execute (____) on files (__)

A

Subjects, actions, objects

62
Q

authorized users are able to access it;

A

Availability

63
Q

the information is free of error and has the value expected

A

Accuracy

64
Q

the information is genuine;

A

Authenticity

65
Q

the information has not been disclosed to unauthorized parties;

A

Confidentiality

66
Q

the information is whole, complete and uncorrupted;

A

Integrity

67
Q

the information has value for the intended purpose;

A

utility

68
Q

the data is under authorized ownership and control.

A

possession

69
Q

may be conducted by criminals, but also by states for industrial
espionage, for economic damage to apply pressure, or to inflict real damage
to infrastructure as an act of war

A

Cyber Attack

70
Q

requires some form of physical security, since physical
access to computer systems enables a whole class of attacks.

A

Cybersecurity

71
Q

is the protection of computer systems from the damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

A

Computer Security or IT security

72
Q

may depend on cybersecurity to the extent that it uses
computer systems

A

Physical Security

73
Q

is concerned with the absence of misbehavior, both in
normal and exceptional situations, but still in a neutral environment when no
one is trying to intentionally attack the system

A

Software safety

74
Q

aims for the absence of misbehavior in an
adversarial environment,

A

Safety

74
Q

aims for the absence of misbehavior in an
adversarial environment, where an attacker intentionally tries to misuse a
system, putting it in an erroneous state that is not part of its intended
specification

A

Software security

75
Q

where an attacker intentionally tries to misuse a
system

A

Security

76
Q

is an essential cornerstone in a digital world which increasingly
pervades every aspect of our daily lives, public and private. Without it, the world collapses.

A

Security

76
Q

ability for individuals to control their personal data and decide what to reveal to
whom and under what conditions.

A

Privacy

76
Q

CIA Triad stands for?

A

Confidentiality, Integrity, and Availability

77
Q

Cybersecurity consists in ensuring three basic and essential
properties of information, services, and IT infrastructures well known as the?

A

CIA triad

77
Q

confidentiality of the identity of the user or entity

A

Anonymity

78
Q

a set of rules that specify how sensitive and critical resources are protected, i.e., how some or all of the previous properties are guaranteed.

A

Security Policy

78
Q

initially defined as the ability of a system to return to its original
state after an attack

A

Resilience

79
Q

related to scientific methods of identifying the authors of
a crime by examining objects or substances involved in the crime.

A

Forensic Analysis

79
Q

aims to explain the state of a computing system
by extracting information and using it to reconstruct the series of actions undertaken
by the attacker

A

Forensic Analysis

80
Q

has been given to practices where
governments or governmental organizations perform surveillance and data
collection at a national scale (or larger)

A

Mass Dataveillance

81
Q

targets an individual of (supposed) interest.

A

Personal Dataveillance

82
Q

are physical attacks based on the observation of the
circuit behavior during a computation

A

Side Channel analysis

83
Q

a well-known class of physical attacks where a
device undergoes a modification of physical parameters in order to obtain an
incorrect behavior

A

Fault Attacks

84
Q

can also be generated in multicore SoC using the
Dynamic Voltage and Frequency Scaling (DVFS), i.e

A

Perturbation

85
Q

attacking this
basic and essential network service can, for instance, isolate a whole country or at
the opposite redirect all the traffic of a country through a surveillance point. Another
crucial network service, DNS, translates readable hostnames into IP addresses. An
attack against this service can redirect a user to a fake banking web site in order to
steal the user’s credentials

A

Routing

86
Q

s a hierarchical decentralized naming system for the Internet, with
scalability and flexibility as key design goals.

A

Domain Name System(DNS)

87
Q

used for address resolution,i.e.,
hostname to IP mapping (e.g., “www.example.com” resolves to IPv4 address “1.2.3.4”), as
well as the inverse mapping.

A

DNS

88
Q

Type of routing thtat controlled by a single organization

A

Autonomous System

89
Q

is the protocol currently in use on the Internet for the
exchange of routing and reachability information among autonomous systems.

A

Border Gateway Protocol

90
Q

more advanced and leveraging higher social
intelligence to make people confident in the legitimacy of the request they
received

A

Spear Phishing

91
Q

aims at convincing the user to perform an action,
such as revealing a password, by gaining their trust.

A

Social Engineering

92
Q

usually aims at obtaining
information like passwords, credit card numbers etc. It is often based on massive
email campaigns (spam) or messages over other communication media (chats,
social media) requesting that people provide sensitive information either by
replying to the email or by connecting to a website

A

Phishing

92
Q

convince a person to perform a forbidden or
sensitive action by gaining their trust

A

Social Engineering

93
Q

aims at flipping memory bits while reading and writing
another cell.

A

Rowhammer Attack

94
Q
A
94
Q
A