Remember This Flashcards
A use case helps:
professionals identify and clarify requirements to achieve a goal
Confidentiality ensures:
that data is only viewable by authorized users
Encryption is the:
best choice to provide confidentiality
Access controls protect:
the confidentiality of data
Steganography supports:
obfuscation by making the hidden data harder to see
Integrity provides:
assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes
Hashing is a common method:
of ensuring integrity
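Worked example (added here; not from the original flashcards): a plain hash detects accidental corruption, but an attacker who can rewrite both the data and the stored digest simply recomputes the digest. A keyed hash (HMAC) closes that gap because recomputing the tag needs the key; a digital signature does the same and additionally gives non-repudiation. The record and the key below are constructed for the example.

```python
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Plain hash: catches accidental corruption, and deliberate changes only
    when the attacker cannot also replace the stored digest."""
    return hashlib.sha256(data).hexdigest()


def check_hash(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC): a change is detected even if the attacker can
    replace the tag, because producing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_hex)


def demo() -> dict:
    # Constructed sample record; the key is generated fresh for the example.
    record = b"transfer 100 to account 42"
    key = secrets.token_bytes(32)
    stored_digest = sha256_hex(record)
    stored_tag = hmac_sha256_hex(key, record)

    # 1. Accidental corruption: a single flipped bit, digest no longer matches.
    corrupted = bytearray(record)
    corrupted[9] ^= 0x01            # "100" becomes "000"
    corrupted = bytes(corrupted)

    # 2. Deliberate tampering by someone who can rewrite the record AND the
    #    stored digest: a plain hash check cannot tell the difference.
    forged = b"transfer 900 to account 42"
    forged_digest = sha256_hex(forged)

    return {
        "corruption_detected_by_hash": not check_hash(corrupted, stored_digest),
        "forgery_detected_by_hash": not check_hash(forged, forged_digest),
        "forgery_detected_by_hmac": not check_hmac(key, forged, stored_tag),
    }
```

`hmac.compare_digest` is used for every comparison so that the check takes the same time whether the first or the last byte differs.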
Non-repudiation prevents:
entities from denying they took an action
Digital signatures provide what 2 things?
non-repudiation
integrity for files and email
Audit logs provide:
non-repudiation
Availability ensures:
that data and services are available when needed
Risk is:
the possibility of a threat exploiting a vulnerability, resulting in a loss
A threat is:
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability
A vulnerability is:
a weakness in either the hardware, software, configuration, or users operating the system
Risk mitigation reduces risk by:
reducing the chances that a threat will exploit a vulnerability
or by reducing the impact if the threat does exploit it
Security controls reduce:
risks
The three primary security control types are:
technical
administrative
physical
A technical control is:
one that uses technology to reduce vulnerabilities
Some examples of technical controls are:
Encryption
antivirus software
IDSs
firewalls
the principle of least privilege
Administrative controls are:
implemented through management policies, procedures, and decisions rather than technology, and include items such as risk and vulnerability assessments
Preventive controls attempt to:
prevent security incidents
Detective controls attempt to:
detect when a vulnerability has been exploited
Corrective controls attempt to:
reverse the impact of an incident or problem after it has occurred
Deterrent controls attempt to:
prevent incidents by discouraging threats
Compensating controls are:
alternative controls used when it isn’t feasible or possible to use the primary control
Virtualization allows:
multiple servers to operate on a single physical host
Type I hypervisors run:
directly on the system hardware
Type II hypervisors run:
as software within a host operating system
Container virtualization is:
operating system-level virtualization that runs on top of a host operating system (it is often compared to a Type II hypervisor, but no hypervisor is involved). It allows services or applications to run within their own isolated cells or containers.
Containers don’t have:
a full operating system but instead use the kernel of the host
Snapshots capture:
the state of a VM at a moment in time
Administrators often take a snapshot before what?
performing a risky operation
VM sprawl can occur:
if personnel within the organization don’t manage the VMs
VM escape attacks allow:
an attacker to access the host system from the VM
You run command-line tools in the:
Command Prompt window in Windows and the terminal in Linux
The ping command can:
be used to check connectivity
check name resolution
verify that routers, firewalls, and intrusion prevention systems block Internet Control Message Protocol (ICMP)
The ipconfig command on Windows allows:
you to view the configuration of network interfaces
Linux uses ifconfig (deprecated on most current distributions) and/or ip to:
view and manipulate the configuration of network interfaces
Netstat (ss on modern Linux) allows you to:
view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer
Tracert (traceroute on Linux) lists:
the routers (also called hops) between two systems. It can be used to verify a path has not changed
The arp command allows you to:
view and manipulate the ARP cache. This can be useful if you suspect a system’s ARP cache has been modified during an attack
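Worked example (added here; not part of the original flashcards): parsing `arp -a` output and flagging the two things an ARP-poisoning attack leaves behind, a gateway entry whose MAC no longer matches a known-good baseline and one MAC claimed by several dynamic entries. The sample output below is constructed for the example, not captured from a real host, and the baseline gateway MAC is a hypothetical value.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not from a real host). The
# host 192.168.1.50 has poisoned the cache so the gateway 192.168.1.1 now
# resolves to its MAC address.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.50          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.77          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Assumed baseline recorded earlier on a known-clean system (hypothetical).
GATEWAY_IP = "192.168.1.1"
KNOWN_GATEWAY_MAC = "00-11-22-33-44-55"

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(text: str):
    """Return [(ip, mac, type), ...] with MACs normalised to lower case.
    Header and 'Interface:' lines do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def find_anomalies(entries, gateway_ip=GATEWAY_IP,
                   known_gateway_mac=KNOWN_GATEWAY_MAC):
    """Flag a changed gateway MAC and any MAC bound to more than one
    dynamic entry. Static broadcast/multicast entries legitimately share
    MACs, so only dynamic entries take part in the duplicate check."""
    findings = []
    by_mac = defaultdict(list)
    expected = known_gateway_mac.lower()
    for ip, mac, kind in entries:
        if ip == gateway_ip and mac != expected:
            findings.append(f"gateway {ip} now maps to {mac}, expected {expected}")
        if kind == "dynamic":
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claimed by multiple hosts: {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp(SAMPLE_ARP)):
        print(finding)
```

A single duplicate-MAC hit is not proof on its own (a host with two addresses on one interface also produces one), so treat the combination with a changed gateway MAC as the strong signal, and compare against a baseline captured while the network was known to be clean.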
Authentication allows:
entities to prove their identity by using credentials known to another entity
Identification occurs when:
a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics
Authentication occurs when:
an entity provides proof of an identity (such as a password). A second entity, the authenticator, verifies that proof
Authorization provides:
access to resources based on a proven identity
Accounting methods track:
user activity and record the activity in logs
Five factors of authentication are:
Something you know, such as a password or a PIN (a username is identification, not a secret)
Something you have, such as a smart card, CAC, PIV, or token
Something you are, using biometrics, such as fingerprints or retina scans
Somewhere you are, using geolocation, a computer name, or a MAC address
Something you do, such as gestures on a touch screen
The something you know factor typically refers to:
a shared secret, such as a password or a PIN. This is the least secure form of authentication
Passwords should be:
strong and changed often (note that current NIST guidance in SP 800-63B no longer recommends forced periodic changes, only changing a password when compromise is suspected)
Complex passwords include:
multiple character types
Strong passwords are:
complex and at least 14 characters long
Administrators should verify a:
user’s identity before resetting the user’s password
When resetting passwords manually:
administrators should configure them as temporary passwords that expire after the first use, requiring users to create a new password the first time they log on.
Self-service password systems:
automate password recovery
Password policies provide:
a technical means to ensure users employ secure password practices
Password length specifies:
the minimum number of characters in the password
Password complexity ensures:
passwords are complex and include at least three of the four character types
Password history remembers:
past passwords and prevents users from reusing passwords
Minimum password age is:
used with password history to prevent users from changing their password repeatedly to get back to the original password
Maximum password age or password expiration forces:
users to change their password periodically
When administrators reset user passwords, the password should:
expire upon first use
Password policies should:
apply to any entity using a password. This includes user accounts and accounts used by services and applications
Applications with internally created passwords should:
still adhere to the organization’s password policy
Account lockout policies:
lock out an account after a user enters an incorrect password too many times.
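Worked example (added here; not from the original flashcards): the password policy settings above, implemented together so their interactions are visible, including the two that are easy to get wrong, waiving the minimum age for an administrator reset and for the forced change that follows one, and resetting the failure counter when a lockout is applied. The length (14) and "three of four character types" values come from the flashcards; the history depth, ages and lockout numbers are assumptions chosen for the example.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Values stated by the flashcards: 14+ characters, 3 of 4 character types.
# The remaining numbers are assumptions for this example.
MIN_LENGTH = 14
MIN_CHAR_CLASSES = 3
HISTORY_DEPTH = 24                       # assumed
MIN_AGE = timedelta(days=1)              # assumed
MAX_AGE = timedelta(days=90)             # assumed
LOCKOUT_THRESHOLD = 5                    # assumed
LOCKOUT_DURATION = timedelta(minutes=30) # assumed

CHAR_CLASSES = (re.compile(r"[a-z]"), re.compile(r"[A-Z]"),
                re.compile(r"[0-9]"), re.compile(r"[^a-zA-Z0-9]"))


def _fingerprint(password: str) -> str:
    # History holds digests, never cleartext. Production code would use a
    # salted, slow hash (bcrypt/argon2); plain SHA-256 keeps this stdlib-only.
    return hashlib.sha256(password.encode()).hexdigest()


class Account:
    def __init__(self, username: str, password: str, now: datetime):
        self.username = username
        self.history = [_fingerprint(password)]   # oldest first, current last
        self.last_changed = now
        self.must_change = False                  # set by an admin reset
        self.failed_logins = 0
        self.locked_until = None


def check_new_password(account, candidate, now, admin_reset=False):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"length {len(candidate)} < {MIN_LENGTH}")
    classes = sum(1 for rx in CHAR_CLASSES if rx.search(candidate))
    if classes < MIN_CHAR_CLASSES:
        problems.append(f"only {classes} of 4 character types")
    if _fingerprint(candidate) in account.history[-HISTORY_DEPTH:]:
        problems.append("password reuse blocked by history")
    # Minimum age stops a user cycling through the history in one sitting.
    # It is waived for admin resets and for the forced change after one.
    if (not admin_reset and not account.must_change
            and now - account.last_changed < MIN_AGE):
        problems.append("minimum password age not reached")
    return problems


def set_password(account, candidate, now, admin_reset=False):
    problems = check_new_password(account, candidate, now, admin_reset)
    if problems:
        return problems
    account.history = (account.history + [_fingerprint(candidate)])[-HISTORY_DEPTH:]
    account.last_changed = now
    account.must_change = admin_reset   # admin-set passwords expire on first use
    return []


def password_expired(account, now) -> bool:
    return account.must_change or now - account.last_changed >= MAX_AGE


def attempt_login(account, password, now) -> str:
    """Returns 'ok', 'locked', 'bad_password' or 'change_required'."""
    if account.locked_until is not None and now < account.locked_until:
        return "locked"
    if not hmac.compare_digest(_fingerprint(password), account.history[-1]):
        account.failed_logins += 1
        if account.failed_logins >= LOCKOUT_THRESHOLD:
            account.locked_until = now + LOCKOUT_DURATION
            account.failed_logins = 0
        return "bad_password"
    account.failed_logins = 0
    if password_expired(account, now):
        return "change_required"
    return "ok"
```

The lockout check runs before the password comparison on purpose: a locked account must not leak whether a guess was correct.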
Smart cards are:
credit card-sized cards that have embedded certificates used for authentication. They require a PKI to issue certificates
Common Access Cards (CACs) and Personal Identity Verification (PIV) cards can:
be used as photo IDs and as smart cards
Tokens (or key fobs) display:
numbers in an LCD. These numbers provide rolling, one-time use passwords and are synchronized with a server
USB tokens include:
an embedded chip and a USB connection. Generically, these are called hardware tokens
HMAC-based one-time passwords (HOTP) and Time-based one-time passwords (TOTP) are:
open standards (RFC 4226 and RFC 6238) used to create one-time-use passwords
HMAC-based one-time password (HOTP) creates:
a one-time-use password from a shared secret and an event counter. It does not expire with time; it stays valid until it is used or the counter moves past it
TOTP creates:
a one-time password from a shared secret and the current time. It expires after a fixed time step, 30 seconds by default
Biometric methods are:
the most difficult to falsify.
Biometric physical methods include:
voice and facial recognition
fingerprints
retina scans
iris scans
palm scans
Biometric methods can also be used for:
identification
The false acceptance rate (FAR), or false match rate, identifies:
the percentage of times false acceptance occurs