Midterm Flashcards

1
Q

confidentiality

A

Avoidance of the unauthorized disclosure of information

Confidentiality is crucial for protecting sensitive data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

integrity

A

Information has not been altered in an unauthorized way

Integrity ensures that data remains accurate and trustworthy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

availability

A

Information is accessible and modifiable in a timely fashion by those authorized

Availability ensures that users can access information when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

assurance

A

How trust is provided and managed in computer systems

Assurance includes methods to ensure that systems function as intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

authenticity

A

Determine that statements, policies, and permissions by persons/systems are genuine

Authenticity is vital for verifying the legitimacy of data and actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

anonymity

A

Certain records or transactions not to be attributable to any individual

Anonymity protects individuals’ identities in transactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

encryption

A

Transformation of information using a secret called an encryption key

Encryption is a key method for securing data from unauthorized access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

access control

A

Rules and policies that limit access to confidential info to those who need to know

Access control is essential for maintaining confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

authentication

A

Determination of identity or role that someone has

Authentication verifies user identities before granting access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

authorization

A

Determination if a person/system is allowed access to resources

Authorization follows authentication to control access rights.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

physical security

A

Establishment of physical barriers to limit access to computational resources

Physical security protects hardware and infrastructure from unauthorized access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

backup

A

Periodic archiving of data

Backups are essential for data recovery in case of loss.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

checksum

A

Computation of a function that maps the contents of a file to a numerical value

Checksums are used to verify data integrity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

data correcting code

A

Methods for storing data in such a way that small changes can easily be detected and automatically corrected

Data correcting codes enhance data reliability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

digital signature

A

Cryptographic computations that allow a person/system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation

Digital signatures provide a means of verifying the sender’s identity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

nonrepudiation

A

Authentic statements issued by some person/system cannot be denied

Nonrepudiation ensures accountability in communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

eavesdropping

A

Interception of information intended for someone else during its transmission over a communication channel

Eavesdropping poses a significant risk to data confidentiality.

18
Q

correlation

A

Integration of multiple data sources and information flows to analyze relationships between different data sets

Correlation helps in identifying patterns and insights.

19
Q

traceback

A

Process of determining the source of a particular data stream or piece of information by analyzing its flow through various data points

Traceback is crucial for understanding data origins and preventing misuse.

20
Q

social engineering

A

Manipulation of individuals into divulging confidential information

Social engineering exploits human psychology rather than technical vulnerabilities.

21
Q

pretexting

A

Creating a story that convinces an admin or operator into revealing secret info

Pretexting is a common tactic in social engineering attacks.

22
Q

baiting

A

Offering a kind of ‘gift’ to get a user or agent to perform an insecure action

Baiting leverages curiosity to compromise security.

23
Q

quid pro quo

A

Offering an action or service and then expecting something in return

Quid pro quo is another tactic used in social engineering.

24
Q

man-in-the-middle (MitM) attack

A

an active attack where the attacker intercepts and can modify the communication between two parties.

MitM attacks can lead to data theft or manipulation.

25
denial of service attack
disrupts or degrades a data service or access to information by overwhelming the target system with excessive traffic or exploiting system weaknesses
26
Economy of mechanism
simplicity in design and implementation of security measures
27
Fail-safe defaults
default configuration of a system be a conservative protection scheme
28
Complete mediation
every access to a resource must be checked for compliance with a protection scheme
29
Open design
security architecture/design of a system should be made publicly available
30
Separation of privilege
multiple conditions should be required to achieve access to restricted resources or have a program perform some action
31
Least privilege
each program/user of a computer system should operate with the bare minimum privileges necessary to properly function
32
Least common mechanism
in systems with multiple users mechanisms allowing resources to be shared by more than one user should be minimized
33
Psychological acceptability
user interfaces should be well designed and intuitive, and all security-related settings should adhere to what an ordinary user might expect
34
Work factor
cost of circumventing a security measure should be compared with the resources of an attacker when designing a security scheme
35
Compromise recording
sometimes more desirable to record the details of an intrusion than to adopt more sophisticated measures to prevent it
36
Purpose of a BIOS password
prevent unauthorized users from modifying BIOS settings or booting the system. It blocks access to the second-stage boot loader, protecting against unauthorized OS changes, boot device modifications, or bypassing security controls
37
Describe how hibernation files can create vulnerabilities
when a computer enters hibernation it saves the entire system state (RAM contents) to a hibernation file (hiberfil.sys) on disk, which creates vulnerabilities by allowing possible access to passwords, encryption keys, or session data
38
setuid
when set on an executable file, it runs with the owner’s privileges, not the user's
39
setgid
when set on an executable file, it runs with the group’s privileges. When set on a directory, new files inherit the directory’s group
40
Describe Linux sticky bit
used on directories to prevent users from deleting or renaming files they don’t own