SEC+ ch 1 - 4 Flashcards
What is the definition of Information Security (InfoSec)?
Protection of data from unauthorized access, attacks, theft, or damage during storage, processing, or transmission.
What are the three components of the CIA Triad?
Confidentiality, Integrity, and Availability.
How is Confidentiality achieved in the CIA Triad?
Through encryption and access controls to ensure only authorized users can access the information.
What ensures Integrity in the CIA Triad?
Hashing, checksums, message authentication codes (MACs), and digital signatures to detect unauthorized alteration. A bare hash only catches accidental changes, since an attacker who can modify the data can simply recompute the digest; a keyed MAC or a signature is needed against deliberate tampering.
How is Availability maintained in the CIA Triad?
Through backups and redundancy to ensure information is accessible to authorized users when needed.
What is Non-repudiation in InfoSec?
Ensures users cannot deny actions they’ve taken, achieved with digital signatures and logs.
What are the five functions of the NIST Cybersecurity Framework (CSF)?
Identify, Protect, Detect, Respond, Recover. (CSF 2.0, published in 2024, adds a sixth function, Govern, that spans the other five.)
What is Gap Analysis in Information Security?
A process to identify gaps between current security measures and recommended frameworks, resulting in a report with missing or misconfigured controls and steps for improvement.
What does Access Control determine in InfoSec?
How subjects (people, devices, systems) interact with objects (networks, files, databases).
What are the four IAM (Identity and Access Management) processes?
Identification, Authentication, Authorization, Accounting.
What does AAA stand for in Access Control?
Authentication, Authorization, Accounting.
What are Security Controls?
Processes, activities, or technologies used to ensure confidentiality, integrity, availability, and non-repudiation of data.
Name the four categories of Security Controls.
Managerial, Operational, Technical, Physical.
What is the primary focus of Managerial Security Controls?
Providing oversight of the system, including risk identification and evaluation.
What are Operational Security Controls?
Controls implemented by people, such as security guards and training programs.
Give examples of Technical Security Controls.
Firewalls, antivirus software, access control models.
What are Physical Security Controls?
Controls that deter access to premises or hardware, such as locks, alarms, and security cameras.
What are the Functional Types of Security Controls?
Preventive, Detective, Corrective, Directive, Deterrent, Compensating.
What is the purpose of Preventive Security Controls?
To eliminate or reduce the likelihood of an attack before it happens.
What do Detective Security Controls do?
Identify and record attempted or successful intrusions during an attack.
How do Corrective Security Controls function?
They eliminate or reduce the impact of an attack after it occurs.
What are Directive Security Controls?
They enforce rules of behavior, such as policies and standard operating procedures.
Define Deterrent Security Controls.
Controls that discourage an attacker psychologically, such as warning signs of penalties.
What are Compensating Security Controls?
Controls that substitute for a principal control to provide the same level of protection using a different method.
What is the role of a Chief Information Security Officer (CISO)?
The senior executive accountable for the organization's overall security program (strategy, policy, risk, budget, and reporting to leadership); a dedicated CISO role is typical in larger organizations.
Name some responsibilities of Technical Staff in InfoSec.
Implementing, maintaining, and monitoring security policies, such as systems/network administrators and ISSOs.
What is the Security Policy?
A formal statement defining how security will be implemented to protect confidentiality, availability, and integrity of data.
What is a Vulnerability in InfoSec?
A weakness in systems that can be accidentally triggered or exploited intentionally.
Define Threat in the context of InfoSec.
The potential for a vulnerability to be exploited by a threat actor using a threat vector.
What constitutes Risk in Information Security?
The likelihood and impact of a threat actor exploiting a vulnerability.
Differentiate between Internal and External Threat Actors.
Internal Threat Actors have authorized access (e.g., employees), while External Threat Actors do not and must infiltrate systems using unauthorized means (e.g., hackers).
What factors influence the sophistication of a threat actor?
The level of tools they use, ranging from basic to advanced/customized exploits, and access to non-cyber tools like political or military assets.
How do Resources and Funding affect Threat Actors?
Well-funded actors, such as nation-states and organized crime, can develop custom tools and employ expert personnel, making them more capable.
What are common Motivations of Threat Actors?
Financial gain, political/ideological goals, chaos, revenge, blackmail, data exfiltration, disinformation.
What is a Service Disruption motivation?
Preventing normal business operations through methods like DDoS attacks or malware disrupting server access.
Define Data Exfiltration.
Theft of data for personal use, blackmail, or sale to third parties.
What is Disinformation in InfoSec?
Spreading false information or altering trusted resources to target the integrity of data.
What are Chaotic Motivations?
Attacks carried out for disruption's own sake or for notoriety rather than for profit or ideology, such as early internet vandalism and website defacement.
List some Financial Motivations of Threat Actors.
Blackmail, extortion, fraud, such as ransomware attacks or embezzlement.
What are Political Motivations in threat activities?
Actions like espionage, disinformation, sabotage by nation-states or hacktivist groups to further national or ideological goals.
Who are Hacktivists?
Groups using cyberattacks to promote political agendas, such as Anonymous or WikiLeaks.
What characterizes Nation-State Actors?
Well-funded and highly capable attackers involved in espionage, disinformation, or sabotage for military or economic goals, often using Advanced Persistent Threats (APTs).
What is Commercial Espionage?
Companies attempting to steal trade secrets or disrupt competitors’ operations.
Differentiate between Malicious Insider and Unintentional Insider Threats.
Malicious Insiders intentionally launch attacks for revenge or gain, while Unintentional Insiders make mistakes or fail to follow security protocols.
What is an Attack Surface?
All the points at which a threat actor could exploit a vulnerability, such as network ports, applications, computers, and users.
How can you minimize the Attack Surface?
By restricting access to known endpoints, protocols/ports, and services, and by monitoring and assessing each point for vulnerabilities.
What is a Threat Vector?
The path or means a threat actor uses to gain access and execute an attack, such as vulnerable software, unsecured networks, removable media, email or SMS messages, supply-chain compromise, or people (social engineering). Data exfiltration, service disruption and disinformation are motivations or outcomes of an attack, not vectors.
What are Vulnerable Software Vectors?
Flaws in software code or design, such as unpatched or unsupported applications and exploitable network services, that a threat actor can use to gain access. Misconfiguration and weak credentials are often listed alongside them because they are exploited the same way, but they are operational errors rather than code defects.
How can Software Vulnerabilities be addressed?
Through patches, though patching is often delayed; consolidating systems and standardizing software versions can also reduce risk.
What are Unsupported Systems and Applications?
Software that no longer receives updates or patches, making it highly vulnerable.
Differentiate between Remote and Local Exploits.
Remote exploits are triggered over a network without requiring an authenticated session, while Local exploits require an authenticated session or valid credentials.
What are the risks associated with Unsecure Networks?
Vulnerabilities in confidentiality (e.g., eavesdropping), integrity (e.g., on-path attacks), and availability (e.g., DoS attacks).
Name specific Network-Based Threat Vectors.
Direct access, wired network attacks, remote/wireless network exploits, cloud access vulnerabilities, Bluetooth network exploits, default credentials exploitation, open service ports.
What is a Watering Hole Attack?
Compromising a website frequently used by a specific target group to infect users who visit it.
What are Human Vectors in Social Engineering?
People (employees, contractors, suppliers, customers) who are part of an organization’s attack surface.
Define Social Engineering.
Manipulating people into providing sensitive information or performing actions for the threat actor, often referred to as “hacking the human.”
What is Impersonation in Social Engineering?
Pretending to be someone else, such as IT support, to trick targets into revealing sensitive information or allowing access.
What is Pretexting in Social Engineering?
Crafting a convincing story to support impersonation, often using privileged information to make the impersonation more believable.
Differentiate between Phishing and Pharming.
Phishing tricks targets into interacting with malicious resources via spoofed messages, while Pharming redirects users from legitimate websites to malicious ones by corrupting DNS resolution.
What is Vishing?
Phishing conducted over the phone or VoIP, where attackers impersonate trusted entities to gain sensitive information.
What is SMiShing?
Phishing through SMS text messages, often involving malicious links.
Define Typosquatting.
Registering a domain name very similar to a legitimate one to trick users into thinking they are on a trusted site.
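As an added example (not part of the course material): a small check that flags candidate domains sitting an edit or a common look-alike character away from brands you protect, which is how a SOC or brand-protection team spots typosquats in new-registration feeds. The brand list, the candidate domains and the homoglyph table are constructed for the demo.

```python
# Added example: flag domains that are an edit or a homoglyph away from protected brands.
# PROTECTED, HOMOGLYPHS and the sample candidates are constructed for illustration.

PROTECTED = ["example.com", "paypal.com"]

# Common look-alike substitutions; multi-character ones are replaced first.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    """Map look-alike characters back to what a user's eye reads them as."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(domain: str, protected=PROTECTED, max_distance: int = 2):
    """Return (brand, reason) for a suspicious domain, or None if it looks unrelated."""
    if domain.lower() in protected:
        return None                                # the genuine brand domain
    norm = normalize(domain)
    for brand in protected:
        if norm == brand:
            return brand, "homoglyph"              # e.g. examp1e.com
        dist = levenshtein(norm, brand)
        if dist <= max_distance:
            return brand, f"edit-distance-{dist}"  # e.g. exampel.com, example.co
    return None


if __name__ == "__main__":
    # Constructed sample of newly registered domains.
    for cand in ["examp1e.com", "exampel.com", "example.co", "paypa1.com", "github.com"]:
        print(cand, "->", classify(cand))
```

A distance threshold of 2 catches most keyboard slips and transpositions without drowning in noise; in production you would also strip the TLD and compare across alternative TLDs, since example.co versus example.com is itself a frequent squat.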
What is Business Email Compromise (BEC)?
A targeted phishing attack in which the attacker spoofs or takes over a trusted business email account (a colleague, executive, partner or vendor) and uses it to manipulate staff, typically finance or senior managers, into authorizing fraudulent payments or disclosing sensitive data.
What is Cryptography?
The science of protecting information by transforming it so that only intended parties can read it or verify it. Encoding such as Base64 is reversible by anyone and is not encryption.
Define Plaintext and Ciphertext.
Plaintext is unencrypted data, while Ciphertext is encrypted data.
What is a Cryptographic Algorithm?
The mathematical procedure (a cipher) that, combined with a key, transforms plaintext into ciphertext and back. Security should rest on the secrecy of the key, not of the algorithm (Kerckhoffs's principle).
What is Cryptanalysis?
The practice of cracking cryptographic systems.
What is Symmetric Encryption?
Uses the same secret key for both encryption and decryption, suitable for bulk data encryption.
Name two types of Symmetric Ciphers.
Substitution Cipher (replaces characters) and Transposition Cipher (rearranges them). Modern symmetric ciphers such as AES combine both operations over many rounds and are classified as block or stream ciphers.
What is the Keyspace in cryptography?
The range of possible key values; larger key lengths make brute force attacks more difficult.
What is Asymmetric Encryption?
Uses a mathematically related key pair. For confidentiality the public key encrypts and only the private key decrypts; for digital signatures the roles reverse (the private key signs, the public key verifies). It is far slower than symmetric encryption, so it is normally used to exchange or wrap a symmetric session key rather than to encrypt bulk data.
Describe the operation of Asymmetric Encryption.
Bob generates a key pair and shares the public key. Alice encrypts a message using Bob’s public key, and Bob decrypts it with his private key.
Name two common Asymmetric Algorithms.
RSA and ECC (Elliptic Curve Cryptography).
What is Hashing?
Produces a fixed-length string from any input data, used for integrity checks and password storage.
What are the properties of a good hashing algorithm?
Deterministic and fast to compute; one-way (infeasible to recover the input from the digest); collision-resistant (infeasible to find two inputs with the same digest); and a small change in the input flips roughly half the output bits (avalanche effect).
Name two common Hashing Algorithms.
SHA (Secure Hash Algorithm, e.g., SHA-256) and MD5 (Message Digest 5). MD5 and SHA-1 have practical collision attacks and should not be used for integrity checks or signatures; use SHA-2 or SHA-3.
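As an added example (not from the course): the integrity and hashing cards above, worked in Python's standard library. It shows the fixed-length digest, the avalanche effect, and the point that a bare SHA-256 checksum catches corruption but not a deliberate edit, whereas a keyed HMAC does. The "configuration file" contents and the key are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a small configuration file and a tampered copy.
ORIGINAL = b"allow_admin=false\nmax_sessions=5\n"
TAMPERED = b"allow_admin=true\nmax_sessions=5\n"


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest (64 hex chars) regardless of input size."""
    return hashlib.sha256(data).hexdigest()


def hamming_distance_bits(a_hex: str, b_hex: str) -> int:
    """Differing bits between two digests; ~128 of 256 for unrelated inputs (avalanche)."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Integrity check against accidental corruption: recompute and compare."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def attacker_forges_checksum(new_data: bytes):
    """A bare hash is not a control against deliberate tampering: whoever can
    change the data can recompute a matching digest."""
    return new_data, sha256_hex(new_data)


def tag_with_hmac(data: bytes, key: bytes) -> str:
    """Keyed MAC: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(data: bytes, key: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, so timing does not leak matching bytes.
    return hmac.compare_digest(tag_with_hmac(data, key), tag_hex)


def demo() -> dict:
    key = secrets.token_bytes(32)          # shared secret the attacker does not hold
    checksum = sha256_hex(ORIGINAL)
    tag = tag_with_hmac(ORIGINAL, key)
    forged_data, forged_checksum = attacker_forges_checksum(TAMPERED)
    return {
        "digest_len": len(checksum),
        "avalanche_bits": hamming_distance_bits(checksum, sha256_hex(TAMPERED)),
        "original_ok": verify_checksum(ORIGINAL, checksum),
        "tamper_detected_by_hash": not verify_checksum(TAMPERED, checksum),
        "forgery_passes_hash_check": verify_checksum(forged_data, forged_checksum),
        "forgery_fails_hmac": not verify_hmac(forged_data, key, tag),
        "original_passes_hmac": verify_hmac(ORIGINAL, key, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The forgery line is the one to remember: a published SHA-256 next to a download only helps if the digest is delivered over a channel the attacker cannot also rewrite (or is signed), which is why package managers sign their manifests rather than just hash them.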
What are Digital Signatures?
Combine hashing and asymmetric cryptography to provide integrity, authentication, and non-repudiation.
How do Digital Signatures work?
The sender hashes the message and signs the digest with their private key. The receiver verifies the signature with the sender’s public key and compares the hash.
What is Public Key Infrastructure (PKI)?
A framework for managing digital certificates and public keys for secure communication.
What is a Digital Certificate?
A public assertion of identity, validated by a Certificate Authority (CA).
What is the role of a Certificate Authority (CA)?
Validates certificates, issues digital certificates linking a public key with the subject’s identity, and maintains a Certificate Revocation List (CRL).
Differentiate between Private CA and Third-party CA.
Private CA is used internally within an organization, while Third-party CA is trusted across different organizations (e.g., DigiCert, Let’s Encrypt).
What is the Root of Trust in PKI?
The CA’s root certificate is self-signed and trusted by all parties, forming the basis of the trust chain.
What is a Certificate Signing Request (CSR)?
A request submitted to a CA containing the public key and identifying information for issuing a digital certificate.
What are Subject Name Attributes in a Digital Certificate?
Attributes like Common Name (CN) and Subject Alternative Name (SAN) that identify domain names and IP addresses.
What is Certificate Revocation?
The process of invalidating compromised, misused, or no longer needed certificates, managed via CRLs or OCSP.
What are the Key Lifecycle Stages in PKI?
Key Generation, Storage, Revocation, Expiration, and Renewal.
What is a Cryptoprocessor?
Hardware that securely generates and stores cryptographic keys, such as TPM or HSM.
Define Key Escrow.
A third-party holds copies of keys to recover encrypted data if the original key is lost, often using M of N Control.
What are Cryptographic Solutions used for?
Using ciphers, digital certificates, and signatures to implement security controls for data protection.
What is Data Encryption?
Ensures that stolen or intercepted data cannot be understood without the decryption key.
What are the three states of data concerning encryption?
Data at rest, Data in transit, Data in use.
What is Full Disk Encryption (FDE)?
Encrypts entire storage devices, including free space and metadata, protecting against physical theft.
What are Self-Encrypting Drives (SED)?
Hardware-based encryption built into the disk firmware.
What is Transport Encryption?
Protects data during transmission over networks, using protocols like WPA, IPsec, and TLS.
What is Perfect Forward Secrecy (PFS)?
Ensures that compromise of a long-term private key does not allow decryption of previously captured sessions: each session derives its own ephemeral key (DHE or ECDHE) that is discarded afterwards, so a leaked session key exposes only that one session.
What is Salting in password security?
Adds a random, per-user value (the salt) to each password before hashing so identical passwords produce different hashes, defeating precomputed rainbow tables and forcing an attacker to crack each hash separately. Salting alone does not slow down guessing; that is the job of key stretching.
What is Key Stretching?
Increases the cost of each password guess by running the hash many thousands of times (or using a memory-hard function) so brute-force and dictionary attacks become far slower; examples are PBKDF2, bcrypt, scrypt, and Argon2.
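As an added example (not from the course) tying the salting and key-stretching cards together: password storage with a random per-user salt and PBKDF2-HMAC-SHA256, next to the unsalted single hash it replaces. The sample users and password are constructed; the iteration count is the figure from the OWASP Password Storage Cheat Sheet, which is an assumption you should re-check against current guidance.

```python
import hashlib
import hmac
import os

# Added example: per-user salt plus PBKDF2-HMAC-SHA256 key stretching. Not course code.
ITERATIONS = 600_000   # assumption: OWASP cheat-sheet figure for PBKDF2-HMAC-SHA256


def unsalted_sha256(password: str) -> str:
    """Weak scheme: the same password always gives the same digest, so one rainbow
    table or one cracked hash exposes every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Random 16-byte salt + iterated HMAC. Salt and iteration count are stored with
    the hash so verification can reproduce them and the count can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex),
                             int(iters), dklen=32)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo() -> dict:
    # Constructed sample: two users who happen to choose the same password.
    pw = "Winter2024!"
    alice, bob = hash_password(pw), hash_password(pw)
    return {
        "unsalted_collide": unsalted_sha256(pw) == unsalted_sha256(pw),
        "salted_differ": alice != bob,            # different salts, different hashes
        "alice_ok": verify_password(pw, alice),
        "bob_ok": verify_password(pw, bob),
        "wrong_rejected": verify_password("winter2024!", alice),
        "garbage_rejected": verify_password(pw, "not-a-valid-record"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cost is symmetric: each verification takes the same 600,000 iterations as each attacker guess, which is why the count is tuned to what your login path can afford rather than set as high as possible.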
What is Blockchain in cryptography?
Uses cryptographic hashing to secure a chain of records (blocks), ensuring data integrity and immutability through a decentralized ledger.
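As an added example (not from the course): a minimal hash chain, the data structure underneath a blockchain, showing why rewriting one record invalidates every block after it. The ledger entries are constructed.

```python
import copy
import hashlib
import json

# Added example: a toy hash chain. Records and attacker edits are constructed.
GENESIS_PREV = "0" * 64


def block_hash(index: int, prev_hash: str, data: str) -> str:
    """Each block's hash covers its own contents AND the previous block's hash."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(records: list) -> list:
    chain, prev = [], GENESIS_PREV
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "data": rec, "hash": h})
        prev = h
    return chain


def validate_chain(chain: list):
    """(True, None) if every block's hash matches its contents and its 'prev' field
    matches the previous block's hash; otherwise (False, index of first bad block)."""
    prev = GENESIS_PREV
    for blk in chain:
        if blk["prev"] != prev:
            return False, blk["index"]
        if blk["hash"] != block_hash(blk["index"], blk["prev"], blk["data"]):
            return False, blk["index"]
        prev = blk["hash"]
    return True, None


def demo() -> dict:
    chain = build_chain(["alice pays bob 10", "bob pays carol 5", "carol pays dave 2"])
    ok_original, _ = validate_chain(chain)

    # Attacker edits block 1 without touching hashes: caught at block 1.
    t1 = copy.deepcopy(chain)
    t1[1]["data"] = "bob pays carol 500"
    _, bad1 = validate_chain(t1)

    # Attacker also recomputes block 1's hash: block 2's 'prev' now mismatches, so it
    # is caught at block 2. Hiding the edit means rewriting every later block too,
    # which is what distributed copies and consensus make impractical.
    t2 = copy.deepcopy(t1)
    t2[1]["hash"] = block_hash(1, t2[1]["prev"], t2[1]["data"])
    _, bad2 = validate_chain(t2)
    return {"original_valid": ok_original, "caught_at_after_edit": bad1,
            "caught_at_after_rehash": bad2}


if __name__ == "__main__":
    print(demo())
```

The caveat the card implies but does not state: hashing alone gives tamper evidence, not immutability. A single party holding the only copy can recompute the whole chain; immutability comes from many independent copies agreeing on the same head hash.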
What is Steganography?
Hides information within another file, such as embedding a message in an image.
What is Tokenization in data security?
Replaces sensitive data (for example a card number) with a random surrogate token that has no mathematical relationship to the original; the mapping is held in a secure token vault, so de-identification is reversible only by the vault, unlike hashing.
What is Authentication in InfoSec?
Verifies that only the legitimate account holder can access the system using methods like passwords, biometrics, and tokens.
What are the key aspects of Authentication Design?
Confidentiality, Integrity, and Availability of authentication mechanisms.
What are the three main Authentication Factors?
Something You Know (Knowledge), Something You Have (Possession), Something You Are (Inherence).
What is Password Management?
Implementing strong policies and user training to prevent network attacks due to weak passwords.
What are Best Practices for Password Management?
Set a minimum length, screen new passwords against breached-password lists, prevent reuse of recent passwords, and throttle or lock out repeated failures. Older guidance (still seen on the exam) also mandated complexity rules and regular forced changes; NIST SP 800-63B now recommends against both, since they push users toward predictable patterns, and favours long passphrases plus MFA.
What is Multifactor Authentication (MFA)?
Combines multiple authentication factors to secure accounts beyond just passwords.
What is Biometric Authentication?
Uses unique biological traits like fingerprints or facial recognition for authentication.
What are Hard Authentication Tokens?
Physical devices used for authentication that generate tokens or store certificates, such as smart cards or key fobs.
What are Soft Authentication Tokens?
Software-generated One-Time Passwords (OTPs), typically from an authenticator app (TOTP/HOTP), or codes delivered via SMS or email. SMS and email delivery are the weakest options because the code can be intercepted, for example through SIM swapping or a phished mailbox.
What is Passwordless Authentication?
Replaces passwords entirely by using MFA factors such as biometrics or hardware tokens, often using frameworks like FIDO2/WebAuthn.
What is Authorization in InfoSec?
Assigns privileges to users and services to manage access and ensure security.
What is Discretionary Access Control (DAC)?
Resource owners control who can access their resources and modify access control lists (ACLs).
What is Mandatory Access Control (MAC)?
Based on security clearance levels where subjects can only access objects at or below their clearance level; rules cannot be changed by users.
What is Role-Based Access Control (RBAC)?
Users are assigned roles based on their tasks, and permissions are assigned to those roles, simplifying management.
What is Attribute-Based Access Control (ABAC)?
Access decisions are made based on multiple attributes (user, object, context) for fine-grained control.
What is Rule-Based Access Control?
Access decisions are based on predefined system rules, such as conditional access systems that enforce additional authentication.
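As an added example (not from the course): the decision logic of the MAC, DAC, RBAC and ABAC cards above applied to the same kind of request, so the differences in who sets the rule are visible in code. All users, labels, roles and policies are constructed for illustration.

```python
from dataclasses import dataclass, field

# Added example: decision functions for four access control models. Constructed data.

# --- MAC: system-defined labels and clearances; users cannot change the rules ---
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows(clearance: str, label: str, action: str) -> bool:
    """Bell-LaPadula style: read at or below your clearance ("no read up");
    write at or above it ("no write down") so secrets cannot leak downward."""
    s, o = LEVELS[clearance], LEVELS[label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False


# --- DAC: the object's owner controls its ACL ---
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permitted actions

    def grant(self, by: str, user: str, action: str) -> None:
        if by != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(action)

    def allows(self, user: str, action: str) -> bool:
        return user == self.owner or action in self.acl.get(user, set())


# --- RBAC: permissions attach to roles; users are placed in roles ---
ROLE_PERMS = {"analyst": {"read"}, "admin": {"read", "write", "delete"}}
USER_ROLES = {"alice": {"analyst"}, "bob": {"admin"}}


def rbac_allows(user: str, action: str) -> bool:
    return any(action in ROLE_PERMS[role] for role in USER_ROLES.get(user, set()))


# --- ABAC: a policy over attributes of subject, object and request context ---
def abac_allows(subject: dict, obj: dict, ctx: dict) -> bool:
    return (subject["dept"] == obj["dept"]        # same department
            and ctx["mfa"]                         # strong authentication used
            and 8 <= ctx["hour"] < 18)             # business hours only


if __name__ == "__main__":
    print("MAC secret reads confidential:", mac_allows("secret", "confidential", "read"))
    print("MAC confidential reads secret:", mac_allows("confidential", "secret", "read"))
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", "read")
    print("DAC bob reads alice's doc:", doc.allows("bob", "read"))
    print("RBAC alice deletes:", rbac_allows("alice", "delete"))
    print("ABAC hr user, hr record, MFA, 10:00:",
          abac_allows({"dept": "hr"}, {"dept": "hr"}, {"mfa": True, "hour": 10}))
```

The ABAC policy is also what the rule-based card describes in practice: the context attributes (MFA used, time of day) are exactly the signals a conditional-access system evaluates before granting or stepping up authentication.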
What is the Principle of Least Privilege?
Users are granted the minimum permissions needed to complete their tasks to reduce the risk of compromised accounts being used maliciously.
What is Authorization Creep?
When users accumulate permissions over time beyond their current role requirements, requiring regular auditing to prevent.
What are the Steps in User Account Provisioning?
Identity Proofing, Issuing Credentials, Issuing Hardware and Software, Teaching Policy Awareness, Creating Permissions.
What is Privileged Access Management (PAM)?
Managing and securing accounts with administrative or privileged access to prevent unauthorized access.
What are Just-in-Time (JIT) Privileges?
Temporary elevation of privileges for a limited time, using tools like Windows UAC or Linux sudo.
What are Secure Administrative Workstations (SAW)?
Workstations used for privileged activities to minimize the risk of credential theft on untrusted devices.
What is Identity Management?
Controls user access, especially in hybrid environments, and extends access to external entities through federated solutions.
What is Single Sign-On (SSO)?
Allows users to authenticate once and access multiple services without re-entering credentials.
What is Kerberos SSO?
A protocol that uses Ticket-Granting Tickets (TGT) and Service Tickets to authenticate users across a network.
What is Federation in Identity Management?
Enables trust between different organizations for managing user identities and access, allowing logins across services.
What is Security Assertion Markup Language (SAML)?
A protocol for exchanging authentication and authorization data between identity providers and service providers using XML.
What is Open Authorization (OAuth)?
Facilitates secure sharing of information between sites without sharing credentials, using access tokens.
What are OAuth Tokens?
OAuth access tokens may be opaque strings or JSON Web Tokens (JWTs). A JWT is three Base64url-encoded parts (header, claims payload, signature) joined by dots and is normally sent in the HTTP Authorization: Bearer header. The encoding provides no secrecy or integrity; the signature does, so a consumer must verify it, with the expected algorithm pinned server-side, before trusting any claim.
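As an added example (not from the course): building, inspecting and verifying an HS256 JWT with only the standard library. It shows that the claims are readable by anyone, that a rewritten payload fails verification, and why the verifier must pin the algorithm rather than trust the token's own "alg" header. The signing key and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Added example: HS256 JWT mint/verify with the standard library. Key and claims are constructed.


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))   # restore padding


def _json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def make_jwt(claims: dict, key: bytes) -> str:
    header = b64url_encode(_json({"alg": "HS256", "typ": "JWT"}))
    payload = b64url_encode(_json(claims))
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """Base64url is encoding, not encryption: anyone can read the claims, and a
    consumer that stops here will believe whatever the client put in the token."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the signature checks out under the pinned algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm server-side. Honouring the token's own "alg" (such as
    # "none") is the classic JWT verification mistake.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def forge_payload(token: str, new_claims: dict) -> str:
    """Attacker rewrites the claims but can only reuse the old signature."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{b64url_encode(_json(new_claims))}.{sig_b64}"


def alg_none_token(claims: dict) -> str:
    """Attacker-supplied token asserting that no signature is needed."""
    return f"{b64url_encode(_json({'alg': 'none', 'typ': 'JWT'}))}.{b64url_encode(_json(claims))}."


if __name__ == "__main__":
    key = b"constructed-demo-secret"
    token = make_jwt({"sub": "alice", "role": "user"}, key)
    print(token)
    forged = forge_payload(token, {"sub": "alice", "role": "admin"})
    print("unverified role:", decode_unverified(forged)["role"])   # attacker's value
    print("verified forged:", verify_jwt(forged, key))             # None
    print("verified real:", verify_jwt(token, key))
```

A real verifier also checks the registered claims (exp, nbf, iss, aud) after the signature, and for RS256/ES256 tokens it must refuse to accept an HS256 token signed with the public key as the HMAC secret, another consequence of trusting the token's header.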
What is Lightweight Directory Access Protocol (LDAP)?
A standard protocol for directory services, based on X.500, using Distinguished Names (DN) as unique identifiers.
What is Pluggable Authentication Module (PAM) in Linux?
A Linux framework that lets applications authenticate users through interchangeable modules (passwords, smart cards, network directories such as LDAP or Kerberos) configured under /etc/pam.d. Not to be confused with Privileged Access Management, which shares the acronym.