Information Security

Question 1

What is the acronym SSL? (in terms of Identity and Access Management)

Answer 1

Secure Sockets Layer - cryptographic protocol to provide secure communication over a network (HTTPS). Relies on digital certificates and a “handshake” process.
Succeeded by TLS

Question 2

What is the acronym TLS? (in terms of Identity and Access Management)

Answer 2

Transport Layer Security - cryptographic protocol to provide secure communication over a network (HTTPS). Relies on digital certificates and a “handshake” process.
Preceded by SSL

Question 3

In the context of Identity and Access Management, what is a “handshake”?

Answer 3

A process where the client and server establish a secure connection.
Exchanging certs, agreeing on encryption algorithms, establishing a session key.

Question 4

What is the acronym CA? (in terms of Identity and Access Management)

Answer 4

Certificate Authority - trusted organizations that issue and manage digital certificates.

Question 5

What is the acronym SSH?

Answer 5

Secure Shell - protocol for secure, remote access to a computer or server.

Question 6

A testing methodology that includes analyzing source code to find security vulnerabilities. Find and fix flaws prior to deployment

Answer 6

Static Application Security Testing (SAST)

source

Question 7

Scanning open source and third party components contained within source code. Check for the use of open source license risks, outdated, unsupported components, and dependencies within components.

Answer 7

Software Composition Analysis (SCA)

source

Question 8

A nested inventory, a list of ingredients that make up software components.

Answer 8

Software Bill of Materials (SBOM)

source