SecPlusP2 Flashcards
What is a challenge for multinational companies and cloud services regarding data sovereignty laws?
Complying with the requirement of data storage and processing within national borders
What access restrictions might cloud services impose due to data sovereignty laws?
Restricting access from multiple geographic locations
Why do data sovereignty and geographical considerations pose complex challenges?
They conflict with the global nature of multinational companies and cloud services
What is geofencing?
Virtual boundaries to restrict data access based on location
Why is geofencing important for data security?
Compliance with data sovereignty laws, prevent unauthorized access from high-risk locations
What does encryption protect?
Data at rest and in transit
What is needed to recover encrypted data?
Decryption key
What is masking?
Replace some or all data with placeholders
What is tokenization?
Replace sensitive data with non-sensitive tokens
What is obfuscation?
Make data unclear or unintelligible
What is hashing commonly used for?
Password storage
What is the purpose of hashing?
Irreversible one-way function
What is the purpose of masking?
Partially retains metadata for analysis
What is the purpose of tokenization?
Credit card protection
What is the purpose of obfuscation?
Irreversible de-identification method
What are some techniques used to hinder unauthorized understanding?
Encryption, masking, pseudonyms
How does segmentation help in network security?
Divides network into separate segments with unique security controls
What is the goal of Data Loss Prevention (DLP) systems?
To detect and prevent data theft
What are the three types of DLP systems?
Endpoint DLP, Network DLP, Storage DLP
What does a DLP system inspect?
Data at rest
What type of data does a DLP system inspect?
Encrypted or watermarked data
What does a DLP system monitor?
Data access patterns
What happens if a policy violation is detected?
It is flagged
What type of solution is a cloud-based DLP system?
Software-as-a-service
What does a cloud-based DLP system protect?
Data stored in cloud services
What are the three data states?
Data at rest, data in transit, data in use
What does an algorithm do in cryptography?
Performs encryption or decryption
What is the advantage of key rotation?
Best practice for security longevity
What type of encryption uses the same key for encryption and decryption?
Symmetric encryption
What type of encryption uses a pair of keys for encryption and decryption?
Asymmetric encryption
Name two symmetric algorithms.
DES, AES
Name two asymmetric algorithms.
Diffie-Hellman, RSA
What does hashing do?
Converts data into fixed-size string (digest) using hash functions
What are some examples of encryption algorithms?
MD5, SHA Family, RIPEMD, HMAC
What is Public Key Infrastructure (PKI)?
Framework managing digital keys and certificates for secure data transfer
What are digital certificates?
Electronic credentials verifying entity identity for secure communications
What is blockchain?
Decentralized, immutable ledger ensuring data integrity and transparency
What are some examples of encryption tools?
TPM, HSM, Key Management Systems, Secure Enclave
What are some types of cryptographic attacks?
Downgrade Attacks, Collision Attacks, Quantum Computing Threats
What is symmetric encryption?
Uses a single key for both encryption and decryption
What is asymmetric encryption?
Uses two separate keys: public key for encryption and private key for decryption
What is the hybrid approach to encryption?
Combines both symmetric and asymmetric encryption for optimal benefits
What is a stream cipher?
Encrypts data bit-by-bit or byte-by-byte in a continuous stream
What are the challenges with key distribution in symmetric encryption?
Requires both sender and receiver to share the same secret key
What are the commonly used algorithms for asymmetric encryption?
Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
What are the advantages of using a block cipher?
Ease of implementation and security
What is the key size used in DES?
64-bit (56 effective bits due to parity)
What types of data streams are suitable for block ciphers?
Real-time communication data streams like audio and video
What is the encryption algorithm that encrypts data in 64-bit blocks through 16 rounds of transposition and substitution?
DES
What is the encryption algorithm that utilizes three 56-bit keys and provides 112-bit key strength?
Triple DES (3DES)
What is the encryption algorithm that uses a 128-bit key and is faster and more secure than DES?
IDEA (International Data Encryption Algorithm)
What is the block size of IDEA?
64-bit
What is AES?
US government encryption standard
What are the key sizes supported by AES?
128-bit, 192-bit, or 256-bit
What is Blowfish?
DES replacement with limited adoption
What are the key sizes supported by Twofish?
128, 192, or 256 bits
What is the RC Cipher Suite?
Cipher suite created by Ron Rivest
What are the key sizes supported by RC4?
40 to 2048 bits
What is the classification of the mentioned algorithms?
Symmetric block ciphers except for RC4 which is a stream cipher
What is public key cryptography?
No shared secret key required
What is the purpose of a key pair in encryption?
Public key for encryption and private key for decryption
What does the public key in encryption provide?
Confidentiality
What does the private key in encryption provide?
Non-repudiation
What are the roles of the private key and public key in encryption?
Private key encrypts, public key decrypts
What is the purpose of a digital signature?
Integrity and authentication
What is a hash digest?
Encrypted message with sender’s private key
How is the message encrypted in asymmetric cryptography?
With the receiver’s public key
What does asymmetric cryptography ensure?
Message integrity, non-repudiation, and confidentiality
What is the Diffie-Hellman algorithm used for?
Key exchange and secure key distribution
What are the vulnerabilities of Diffie-Hellman?
Man-in-the-middle attacks, requires authentication
What is RSA used for?
Key exchange, encryption, and digital signatures
What is the reliance of RSA encryption?
Factoring large prime numbers
What are the key sizes supported by RSA encryption?
1024 to 4096 bits
What is the cryptographic algorithm widely used in organizations and multi-factor authentication?
RSA
What algebraic structure does ECC use?
Elliptical curves
Where is ECC commonly used?
Mobile devices and low-power computing
How does ECC compare to RSA in terms of efficiency for equivalent security?
Six times more efficient
What are the variants of ECC?
ECDH, ECDHE
What is ECDSA?
Elliptic Curve Digital Signature Algorithm
What are common hashing algorithms?
MD5 (Message Digest Algorithm 5)
What is SHA-1?
Produces a 160-bit hash digest, less prone to collisions than MD5
What does SHA-2 offer?
Longer hash digests (SHA-224, SHA-256, SHA-384, SHA-512)
What is SHA-3?
Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of computations
What is RIPEMD?
Competitor to SHA, available in 160-bit, 256-bit, and 320-bit versions
What is HMAC?
Hash-based Message Authentication Code
What are common digital signature algorithms?
DSA
How does a digital signature ensure non-repudiation?
Encrypts the hash with the sender’s private key
What is the purpose of a 160-bit message digest?
Verify data integrity
What is a common hashing attack known as?
Pass the Hash Attack
How can pass the hash attacks be prevented?
Trusted OS, proper Windows domain trusts, patching, multi-factor authentication, least privilege
What is a hub/control system?
Central component connecting IoT devices
What are smart devices?
Everyday objects with computing and internet capabilities
What are wearables?
Smart devices worn on the body
What do sensors do in IoT?
Detect changes and convert them into data
What are the risks associated with IoT?
Weak Default Settings, Poorly Configured Network Services
Why are weak default settings a common security risk in IoT?
Default usernames/passwords are easy targets for hackers
What can be done to mitigate the risk of weak default settings in IoT?
Changing defaults upon installation is essential
What are the risks of poorly configured network services in IoT?
Open ports and unencrypted communications can expose vulnerabilities
How can the attack surface of IoT devices be minimized?
Keeping IoT devices on a separate network is recommended
What is DLL?
Library
What is the name of the software that collects code and data that can be used simultaneously to allow for reuse and modularization?
software 62
What happens when two different messages result in the same hash digest?
Birthday Attack
What does longer hash output do to reduce collisions and mitigate the attack?
SHA-256)
How many replay attacks does DionTraining.com have?
92
What areStudy Notes?
CompTIA Security+ (SY0-701)
Where are PKI Components used?
HTTPS connections
What is a random shared secret key generated for?
symmetric encryption
What type of encryption does the shared secret use to create a secure tunnel?
AES
What is the purpose of establishing a website via HTTPS?
Secure Connection
What is the private key used to verify the web server’s identity?
93
What is the name of a shared secret?
Authentication
What standard does CompTIA Security+ use?
X.509 Standard
Where is the X.509 Standard used for digital certificates?
PKI
What does the X.509 Standard contain?
Contains owner’s/user’s information and certificate authority details
What is the name of the digital certificate that is signed by the same entity whose identity it it certifies?
Third-Party Certificates 95
What does CompTIA Security+ refer to?
Preferred for public-facing websites
What is the name of the study Notes Digital certificate issued and signed by trusted certificate authorities?
CompTIA Security+ (SY0-701)
What are Verisign, Google, etc?
Trusted third-party providers
What does CompTIA Security+ offer transparency, efficiency, and trust in the digital era?
Encryption Tools
What does CompTIA Security+ offer in the digital era?
Transparency, efficiency, and trust
What is the name of a hardware-level security tool?
Dedicated microcontroller
What is an Encryption Tools for Data Security?
TPM
How many devices are protected from unauthorized access?
100
What technique is used to prevent the suspicion that there’s any hidden data at all?
encryption
What is Data Obfuscation?
Data Masking
In what environments is data authenticated and usable?
testing environments
What does Assess and prioritize risks based on likelihood and impact?
Qualitative Risk Analysis
What does Numerically estimate probability and potential impact?
Quantitative Risk Analysis
What does Quantitative Risk Analysis mean?
Numerically estimate probability and potential impact
What are the Crucial Steps Continuous tracking and regular reporting Long-Term Impact Significant for the effectiveness of the risk management process
Risk Monitoring and Reporting
What is significant for the effectiveness of the risk management process?
Long-Term Impact
What is the term for Risk Assessment Frequency?
Regularity
What is regularity with which risk assessments are conducted within an organization?
Risk Assessment Frequency
What are the four main types of risk assessment frequencies?
Ad-Hoc Risk Assessments
What is a crucial first step in risk management?
Risk Identification
Risks can vary from financial and operational to what?
strategic and reputational
