Lecture 3 Flashcards

1
Q

What is a threat in cybersecurity?

A

A potential security harm to an asset.

2
Q

When does a threat materialize?

A

When an attack successfully exploits a vulnerability.

3
Q

Who are common threat agents?

A
  • Hackers
  • Thieves
  • Hacktivists
  • Competitors
  • Organized crime
  • Terrorists
  • Nation-states
4
Q

What are tangible and intangible assets?

A
  • Tangible assets: Servers, networking equipment, storage devices.
  • Intangible assets: Data, reputation, encryption keys, software.
5
Q

What are the three categories of vulnerabilities?

A
  • Corrupted (integrity loss)
  • Leaky (confidentiality loss)
  • Unavailable (availability loss)
6
Q

Give three examples of vulnerabilities.

A
  • Weak passwords
  • Insecure network services
  • Outdated software
7
Q

What are the three main steps of threat modeling?

A
  • Decompose the application
  • Determine and rank threats
  • Determine countermeasures
8
Q

What are trust levels in threat modeling?

A

Levels representing access rights granted to external entities.

9
Q

What is a data flow diagram (DFD)?

A

A visual representation of how data moves within a system.

10
Q

What does STRIDE stand for?

A
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege
11
Q

What security property does spoofing violate?

A

Authentication.

12
Q

What security property does tampering violate?

A

Integrity.

13
Q

What security property does denial of service violate?

A

Availability.

14
Q

What does DREAD stand for?

A
  • Damage
  • Reproducibility
  • Exploitability
  • Affected Users
  • Discoverability
15
Q

What is the purpose of DREAD scoring?

A

To assign severity scores to threats for risk assessment.

16
Q

Why is DREAD sometimes criticized?

A

It relies on subjective scoring.

17
Q

What is an attack surface?

A

The set of exploitable vulnerabilities in a system.

18
Q

What are the three main categories of attack surfaces?

A
  • Network
  • Software
  • Human
19
Q

What is an attack tree?

A

A hierarchical model representing possible attack techniques.

20
Q

What are common countermeasures against spoofing?

A
  • Authentication
  • Secret data protection
21
Q

How can information disclosure be prevented?

A
  • Encryption
  • Access controls
  • Privacy-enhanced protocols
22
Q

What are common defenses against denial of service (DoS) attacks?

A
  • Filtering
  • Throttling
  • Quality of service mechanisms
23
Q

Name three threat modeling tools.

A
  • Microsoft Threat Modeling Tool
  • OWASP Threat Dragon
  • Open Weakness and Vulnerability Modeler