Midterm Flashcards

1
Q

confidentiality

A

Avoidance of the unauthorized disclosure of information

Confidentiality is crucial for protecting sensitive data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

integrity

A

Information has not been altered in an unauthorized way

Integrity ensures that data remains accurate and trustworthy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

availability

A

Information is accessible and modifiable in a timely fashion by those authorized

Availability ensures that users can access information when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

assurance

A

How trust is provided and managed in computer systems

Assurance includes methods to ensure that systems function as intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

authenticity

A

Determine that statements, policies, and permissions by persons/systems are genuine

Authenticity is vital for verifying the legitimacy of data and actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

anonymity

A

Certain records or transactions not to be attributable to any individual

Anonymity protects individuals’ identities in transactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

encryption

A

Transformation of information using a secret called an encryption key

Encryption is a key method for securing data from unauthorized access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

access control

A

Rules and policies that limit access to confidential info to those who need to know

Access control is essential for maintaining confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

authentication

A

Determination of identity or role that someone has

Authentication verifies user identities before granting access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

authorization

A

Determination if a person/system is allowed access to resources

Authorization follows authentication to control access rights.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

physical security

A

Establishment of physical barriers to limit access to computational resources

Physical security protects hardware and infrastructure from unauthorized access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

backup

A

Periodic archiving of data

Backups are essential for data recovery in case of loss.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

checksum

A

Computation of a function that maps the contents of a file to a numerical value

Checksums are used to verify data integrity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

data correcting code

A

Methods for storing data in such a way that small changes can easily be detected and automatically corrected

Data correcting codes enhance data reliability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

digital signature

A

Cryptographic computations that allow a person/system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation

Digital signatures provide a means of verifying the sender’s identity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

nonrepudiation

A

Authentic statements issued by some person/system cannot be denied

Nonrepudiation ensures accountability in communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

eavesdropping

A

Interception of information intended for someone else during its transmission over a communication channel

Eavesdropping poses a significant risk to data confidentiality.

18
Q

correlation

A

Integration of multiple data sources and information flows to analyze relationships between different data sets

Correlation helps in identifying patterns and insights.

19
Q

traceback

A

Process of determining the source of a particular data stream or piece of information by analyzing its flow through various data points

Traceback is crucial for understanding data origins and preventing misuse.

20
Q

social engineering

A

Manipulation of individuals into divulging confidential information

Social engineering exploits human psychology rather than technical vulnerabilities.

21
Q

pretexting

A

Creating a story that convinces an admin or operator into revealing secret info

Pretexting is a common tactic in social engineering attacks.

22
Q

baiting

A

Offering a kind of ‘gift’ to get a user or agent to perform an insecure action

Baiting leverages curiosity to compromise security.

23
Q

quid pro quo

A

Offering an action or service and then expecting something in return

Quid pro quo is another tactic used in social engineering.

24
Q

man-in-the-middle (MitM) attack

A

an active attack where the attacker intercepts and can modify the communication between two parties.

MitM attacks can lead to data theft or manipulation.

25
Q

denial of service attack

A

disrupts or degrades a data service or access to information by overwhelming the target system with excessive traffic or exploiting system weaknesses

26
Q

Economy of mechanism

A

simplicity in design and implementation of security measures

27
Q

Fail-safe defaults

A

default configuration of a system be a conservative protection scheme

28
Q

Complete mediation

A

every access to a resource must be checked for compliance with a protection scheme

29
Q

Open design

A

security architecture/design of a system should be made publicly available

30
Q

Separation of privilege

A

multiple conditions should be required to achieve access to restricted resources or have a program perform some action

31
Q

Least privilege

A

each program/user of a computer system should operate with the bare minimum privileges necessary to properly function

32
Q

Least common mechanism

A

in systems with multiple users mechanisms allowing resources to be shared by more than one user should be minimized

33
Q

Psychological acceptability

A

user interfaces should be well designed and intuitive, and all security-related settings should adhere to what an ordinary user might expect

34
Q

Work factor

A

cost of circumventing a security measure should be compared with the resources of an attacker when designing a security scheme

35
Q

Compromise recording

A

sometimes more desirable to record the details of an intrusion than to adopt more sophisticated measures to prevent it

36
Q

Purpose of a BIOS password

A

prevent unauthorized users from modifying BIOS settings or booting the system. It blocks access to the second-stage boot loader, protecting against unauthorized OS changes, boot device modifications, or bypassing security controls

37
Q

Describe how hibernation files can create vulnerabilities

A

when a computer enters hibernation it saves the entire system state (RAM contents) to a hibernation file (hiberfil.sys) on disk, which creates vulnerabilities by allowing possible access to passwords, encryption keys, or session data

38
Q

setuid

A

when set on an executable file, it runs with the owner’s privileges, not the user’s

39
Q

setgid

A

when set on an executable file, it runs with the group’s privileges. When set on a directory, new files inherit the directory’s group

40
Q

Describe Linux sticky bit

A

used on directories to prevent users from deleting or renaming files they don’t own