Intro

Question 1

what does CIA stand for in cyber security

Answer 1

Confidentiality, integrity and availability

Question 2

Describe C in CIA

Answer 2

C stands for confidentiality. Need to make sure data is secure when it is stored, transmitted and when being processed

Question 3

What are some key components of confidentiality in CIA

Answer 3

Need to make sure data is hidden and visible to authorize dusers

Question 4

how can you enforce confidentiality

Answer 4

encryption - not making data available to unauthorized users.

Question 5

describe I in CIA

Answer 5

Data must be accurate and complete and has not been modified

Question 6

how is integrity enforced?

Answer 6

By hashes : summary or message of original data.- and comparing both hashes

Question 7

Describe A in CIA

Answer 7

Availability: making sure data is available as and when required

Question 8

what are violation of availability

Answer 8

damage web server or slow downs web server . slower down process times

Question 9

how can availability be enforces

Answer 9

By redundancy: covering all bases - install multiple communication link so if some are affected you still have back ups

Question 10

what does IAM stand for

Answer 10

Idetity and access management

Question 11

what does IAAA stand for

Answer 11

identification, (name- not authentication), authentication ( proof who you are- ex. secret pin), authorization ( diff levels of access), accountability ( holder is accountable)

Question 12

what is the I in IAAA

Answer 12

Identification: a subject claims and identity e. id badge, retina,

Question 13

what is the first A in IAAA

Answer 13

Authetication: a subject prooves identity
ex. password, pin or metric data

Question 14

what are the phases in an identity lifecycle

Answer 14

1st- provisioning - ex. new accounts
2nd review- periodic account reviews- ex. person moves up
3rc- revocation- disable accounts of employee who leaves

Question 15

what are the types of authentication pass words

Answer 15

type 1- password, pin
type 2- mobile, sim , badge
type 3- something that you are- fingerprint, retina

Question 16

what is the best type of authetication

Answer 16

multifactor( combines more than 1) _ type 1 and type 2 - ex. password and mobile phone

Question 17

explain types of authentication

Answer 17

type 1- something you know
type 2- something u have
type 3 - something u are

Question 18

what is an identity federation

Answer 18

provide the relationship so redundant accounts are not created. use credentials from one account to log onto multiple systems /

Question 19

what are token based authentication

Answer 19

server will generate token and send to client

Question 20

what is single sign on

Answer 20

user logins in once and has access to everything on accounts ( within single organization)

Question 21

what are protocols used i authentication

Answer 21

SAML - standar dfor single sign on implementations
oauth- standard for authorization between parties
-OIDC- build on top of oauth , single sign off implementation

Question 22

what are the security governance to ensure decent and securie policies

Answer 22

policies, - broad, high level
standard - rukes to achieve intent of policies
procedures and guidelines - specific stesp to acienve consistency - train employes

Question 23

what is PII in security regulation

Answer 23

Personally identifuable information - ex. indentify, contact or locate someone

Question 24

what is PHI in security regulatioon

Answer 24

protected health information - ex.health information linked to someone

Question 25

what is GDPR regulation

Answer 25

protects general data

Question 26

what is HIPPA regulations

Answer 26

protect healthcare information

Question 27

what is PCI-DSS regulations

Answer 27

PROTECTS CREDIT CARD data

Question 28

how you can protect intellectual property

Answer 28

patentts, trademark, copyrights

Question 29

what is cryptography

Answer 29

the stude andapplication og methods and techniques to protect information by using codes for secure infromation

Question 30

what is cryptography

Answer 30

the study and application of methods and techniques to protect information by using codes for secure communication

Question 31

what are the two main cateogires for cryptography

Answer 31

1- symmetric encryption
2- Asymmetric encrption

Question 32

what is symetric cryptography

Answer 32

it also called private key encryption ( uses same key for encription and decryption
-the length determines the strength of the encryption (Ex- AES - Popular encryption algorythim)

Question 33

what is ciphertext

Answer 33

it is encrypted text created after using the secret code for encoding ( think of same key needed)

Question 34

what is asymmetric cyptography

Answer 34

it is a public key cryptography
-encrypt document using public key - and destination uses a secret key

Question 35

What happens in hashing

Answer 35

hashing created a fixed sized “summary” to ensure file integrity . an example of hashing digital signatures