Section 2 - ISC2 Flashcards
Confidentiality, Integrity and Availability are referred to as
the CIA Triad
PII stands for
Personally Identifiable Information
PHI stands for
Protected Health Information
What is the measure of the importance assigned to information by its owner
Sensitivity
What term is Availability typically associated with
Criticality
What is the process of verifying or proving a user's identification known as
Authentication
Name 3 Common methods of Authentication
Something you know - passwords or phrases (Knowledge Base)
Something you have - Token, cards (Token-Base)
Something you are - Biometrics (Characteristics Base)
True or False - Best practice is to use all 3 of the common methods of authentication
False - at least two is recommended
Name the legal term as defined as the protection against an individual falsely denying having performed a particular action
Non-repudiation
Name 3 risk management terms and their definitions
Asset - something that needs protection
Vulnerability - is a gap or weakness
Threat - something or someone that aims to exploit a vulnerability
Name some threat actors
Insiders
Outside Individuals
Formal Entities
Nation States
Technology such as bots
A Threat Vector is
the approach and technique
The magnitude of the harm that can be expected and can result in a chain reaction is called
Impact
Name the 4 Risk Treatments
Avoidance - exit the service due to high risks
Acceptance - risk averse or low likelihood
Mitigation - Most common taking steps to minimize
Transfer - e.g. insurance
Name the 3 Security Controls
Physical Controls
Administrator Controls
Technical Controls (logical controls)
What are the detailed steps to complete a task that supports departmental or organizational policies
Procedure
Used by governance teams to provide a framework to introduce policies and procedures in support of regulations
Standard
Put in place by organizational governance such as executive management to provide guidance
Policies
In the form of laws, typically from government, and can carry financial penalties
Regulations
Name the Code of Ethics Canons
Protect society, the common good, necessary public trust and confidence, and the infrastructure
Act honorably, honestly, justly, responsibly and legally
Provide diligent and competent service to principals
Advance and protect the profession
The process and act of converting the message from plaintext to ciphertext sometimes referred to as enciphering
Encryption
The process of how an organization is managed, usually includes all aspects of how decisions are made for that organization, such as policies, roles and procedures
Governance
Define Likelihood of Occurrence
A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability
What Department is NIST part of?
US Dept. of Commerce
Qualitative Risk vs Quantitative Risk Analysis
Qualitative - assignment based on low, medium and high
Quantitative - numerical values are assigned to both impact and likelihood based on stats and monetized
Is BCP an Incident Response Plan
Yes
Name the Components of an Incident Response Plan
Preparation - policy, identify critical data, train staff on response, ERT, Roles and responsibilities, Communication between stakeholders
Detection and Analysis - monitor attack vectors, Analyze incidents, prioritize, standard incident docs
Containment , Eradication and Recovery
Post Incident Activity - identify evidence, document lessons learned
T or F Business Continuity is to bring all systems fully operational
False - just critical systems
What is the nickname of the book of procedures for BCP
RedBook
True or False DR starts where BC leaves off
True
What part of the CIA Triad are Incident Response, Business Continuity and Disaster Recovery associated with
Availability
What is the mitigation of violations of security policies and recommended practices
Incident Handling/Incident Response
Is a Firewall considered a Security Control
Yes
For access control, subjects include the following
User, a process, a procedure, client or server, program, workstation
What is the term for anything that the subject is trying to access
Objects
Note: Objects are passive and do not contain their own access control logic and need to be protected
What is the term for an instruction developed to allow or deny access to an object by comparing the validated identity of the subject to an access control list
Rule
Implementations of access control are part of a _________ strategy
Layered Defense, also known as defense in depth
It is acceptable to copy user profiles to save time - T or F
False
An entrance to a building with two doors, only one of which can be open at a time
Mantrap
What is CPTED
Crime Prevention Through Environmental Design
What are the two common types of Biometrics
Physiological - Fingerprint, Iris (colored portion around the outside of the pupil), retinal (blood vessels in the back of the eye)
Behavioral - how a person acts by measuring voiceprints, signature dynamics and keystroke dynamics.
What is DAC
Discretionary Access Control
Most common access control, giving the user rights to pass the information, grant privileges, change security attributes
They are controlled by each individual object owner and not scalable
Which access control is uniformly enforced across all subjects and data
Mandatory Access Control
Only properly designated security administrators as trusted subjects can modify any of the security rules
What is RBAC
Role Based Access Controls
Assigned by roles to each of the applicable systems
True or False - encapsulation occurs when data moves down the OSI Model
True
Each layer adds its own header to the data it receives from the previous layer
As data moves up the OSI model what is that process called
de-encapsulation
header and footer are discarded
What Layer in the TCP/IP Stack is ICMP and what is its function
Internet Layer
Used to determine the health of the network or specific link. Used by Ping, traceroute and other network management tools
What is FTP’s insecure Port and SFTP Secure Port
21 - FTP
22 - SFTP
What is Telnet's port and its secure counterpart
Telnet - 23
SSH - 22
What is SMTP port and its secure counterpart
SMTP - 25
SMTP with TLS - 587
What is Time's port and what replaced it
Time - 37
Network Time Protocol (NTP) - 123
What is DNS port and replaced by what
DNS - 53
DNS over TLS - 853
True or False - communication between endpoint and server requires a 3 way handshake
True
What is the type of threat that places itself between two devices such as a web browser and web server
On-Path Attack
What is a passive, noninvasive attack to observe the operation of a device
Side-channel
power monitoring, timing and fault analysis attacks
Which attack refers to threats that demonstrate an unusually high level of technical and operational sophistication spanning months or even years.
Advanced Persistent Threat (APT)
performed by organized groups such as Nation states
True or False - a Host-Based Intrusion Detection System will monitor multiple servers and networks
False - it monitors activity on a single computer and is more detailed than a Network IDS. They are more costly to manage since they require administration on each of the systems they reside on
True or False Network Intrusion Systems can monitor encrypted traffic
False - it can monitor other packet details. A NIDS can monitor a large network by using remote sensors to collect data at key network locations and send it to a centralized console
What refers to the process of designing, using or operating different processes in ways that isolate high-risk activities from lower-risk ones
Firewalling
Traditionally what OSI layer do firewalls operate at
Layer 4 - session
What are Joint Operating Agreements and name them
Memorandum of Understanding and Memorandum of Agreement between organizations, sometimes competitors, that can work together in a disaster
Micro segmentation of networks with firewalls at every connecting point is referred to as ________
Zero Trust
True or False Network Access Control (NAC) can create policies along with enforcing them
False - they only enforce the policies that are in place.
What type of devices would NAC enforce
Medical Devices
IoT Devices
BYOD such as phones and tablets
Guest users and contractors
example would be Hotel based Internet access. Logging in and validating room number and name
True or False - a DMZ is an example of Network Segmentation
True
What is a Web Application Firewall used for, and what can it replace
It is used to control both internal and external traffic including encrypted like a traditional firewall.
It can replace a DMZ
Key reason to segment Embedded Systems and IoT
These systems often control mechanisms such as AC, power and medical devices; special care should be taken to isolate them from other devices on the network
VLAN is a form of Micro segmentation - T or F
True
VPN and Security Groups are other examples
What is the term for when a malicious user can see traffic on other VLANs
VLAN Hopping
True or False - All VPNs are encrypted
False
Name the 6 major steps of the Data Life Cycle
Create
Store
Use
Share
Archive
Destroy/Delete
True or False - OSHA requires that, if there is a claim, employee data is kept for 30 years
True
Degaussing is ____________
using magnets to erase data on hard drives
What is the definition of Classification in Data Handling
Identifies the degree of harm that the asset, if exposed, would cause to the organization. Focused on maintaining confidentiality of the data based on sensitivity
What data classification control assigns a level of sensitivity
Labeling
True or False - it is acceptable to apply the longest retention period to all types of information in an organization
False
What is the term for any data that is left on media after deleting? What can be done to remediate
Remanence
Clearing the device by writing random values, also called overwriting or zeroing
Purging the device such as degaussing
Physical Destruction
True or False - Ingress is the monitoring of outbound traffic
False - Egress is the monitoring of outbound traffic
What is part of Egress Monitoring
Data Loss/Leak Prevention (DLP)
What are the two functions that provide Integrity with Encryption
Hash Functions - a finger print of the file
Digital Signatures - electronic signature providing non-repudiation
True or False - all plaintexts are fully readable by humans
False
_______ Encryption is where both sender and receiver have the same Key.
Symmetric Encryption
Note - not very scalable if every person needs a separate key to communicate with each other person
Which type of Encryption requires out of band key distribution
Symmetric
Same Key
Single Key
Shared Key
Secret Key and
Session Key are all names for what Encryption
Symmetric
________ Encryption uses one key to encrypt and a different key to decrypt
Asymmetric Encryption
List some key benefits of Asymmetric Encryption
More scalable with no overhead of key exchange
Non-Repudiation of origin and delivery, access control and data integrity
More Secure
Which encryption has the best performance, Asymmetric or Symmetric
Symmetric.
The amount of processing, especially with large amounts of data, is not practical for Asymmetric
Who studies mathematical techniques for attempting to defeat cryptography
Cryptanalysts
The process that takes an input set of data and returns a fixed-length result is called ______
Hash Value - most common method of ensuring message integrity today
What is the term for comparing the digest code to the original
Checksum
Using a rogue interactive voice response (IVR) system to recreate a legitimate-sounding bank or other institution is called
Phone Phishing or Vishing
The human equivalent of phishing where someone impersonates an authority or trusted figure
Pretexting
Quid pro quo in Social Engineering is
request for information in exchange for something