Identify Security Requirements Flashcards

1
Q

What are the 4 factors in authentication? Describe each factor.

A
  1. Something you know: includes passwords and PINs
  2. Something you are: includes physical attributes such as height, weight, hair color, etc. Fingerprints and facial characteristics are also included
  3. Something you have: includes something in physical possession such as ATM cards or a driver’s license
  4. Something you do: includes the actions or behaviors of an individual. Handwriting is an example of this.
2
Q

What categories of attacks affect each aspect of the CIA triad?

A

INTERCEPTION affects Confidentiality
INTERRUPTION, MODIFICATION, and FABRICATION can affect both Integrity and Availability.

3
Q

Define Interception attacks.

A

Allow unauthorized users to access your data, applications, or environments. Affects CONFIDENTIALITY.

4
Q

Define Interruption attacks.

A

Makes your assets unusable or unavailable to you on a temporary or permanent basis.

5
Q

Define Modification attacks.

A

Involve tampering with an asset.

6
Q

Define Fabrication attacks.

A

Involve generating data, processes, communications, or other similar material with a system.

7
Q

Define threats, vulnerabilities and risks in relation to Information Security.

A

Threat: something that has the potential to cause harm
Vulnerabilities: weaknesses, or holes, that threats can exploit to cause you harm
Risk: the likelihood that something bad will happen. You need both a threat and vulnerability that the threat could exploit.

Ex: A wooden structure (vulnerability) next to a fire (threat) creates a risk. Were the structure made of concrete, you would no longer have a vulnerability that can be exploited by the threat (the fire). Therefore, you have no risk.

8
Q

Define hardware token.

A

A small device, typically the size of a credit card or keychain fob, that you use to authorize your access to a specific network. Often called dongles.

9
Q

Define hash functions.

A

A modern type of cryptography, called keyless cryptography. It converts plaintext into a largely unique and fixed-length value. Can’t be used to discover the contents of the original message but can be used to determine whether the message has been changed.

10
Q

Define DES

A

A block cipher that uses a 56-bit key

11
Q

Define AES

A

Symmetric key encryption. Uses three different ciphers: one with a 128-bit key, one with a 192-bit key and one with a 256-bit key, all of which encrypt blocks of 128 bits

12
Q

Define SSL/TLS

A

Secure Sockets Layer and Transport Layer Security are asymmetric algorithms that secure common internet traffic. Encrypts connections between two systems communicating over a network.

13
Q

Define protocols in algorithms

A

Rules that define communication between devices

14
Q

Define port

A

A numerical designation for one side of a connection between two devices. We use them to identify the application to which traffic should be routed.

15
Q

Define digital certificate

A

Links a public key to an individual by validating that the key belongs to the proper owner, and they’re often used as a form of electronic identification for that person.

16
Q

Define ECC

A

Elliptic curve cryptography. Can use short keys while maintaining a higher cryptographic strength than many other types of algorithms. Easily implemented on devices such as cellphones because it is fast and efficient

17
Q

True or False:

RSA is an asymmetric algorithm that can provide confidentiality for data in motion.

A

True

It includes the SSL protocol

18
Q

What type of media is most likely to withstand physical conditions such as temperature changes, humidity, magnetic fields, electricity, etc?

A

Flash media (flash drives)
