Section 3 Flashcards

1
Q

Which tool is used for vulnerability assessment?

A

Qualys

2
Q

Which standards apply to any financial entity policies?

A

Gramm-Leach-Bliley

3
Q

What company audits other companies for licensing requirements?

A

BSA (business software alliance)

4
Q

Which term is synonymous with symmetric cryptography?

A

secret key cryptography

5
Q

Which term is synonymous with asymmetric cryptography?

A

public key cryptography

6
Q

What are hash functions used for?

A

determining whether the message has changed
-verify integrity of data

7
Q

Symmetric cryptography

A

uses a single key to both encrypt the plaintext and decrypt the ciphertext

8
Q

examples of symmetric cryptography

A

DES, 3DES, AES

9
Q

asymmetric cryptography

A

uses public and private key
- public key encrypts data and anyone can access it
- private key decrypts

10
Q

Examples of asymmetric cryptography

A

RSA, ECC, DSA
protocols: PGP, SSL/TLS

11
Q

examples of hash functions

A

MD5, SHA

12
Q

regulatory compliance

A

Adherence to laws specific to industry in which you’re operating

13
Q

industry compliance

A

Regulations not mandated by law, but which can have severe impacts on the ability to conduct business

14
Q

PCI DSS

A

processing credit card transactions

15
Q

Steps for compliance

A
  • monitoring
  • reviewing
  • documenting
  • reporting
16
Q

Federal Information Security Management Act (FISMA)

A
  • Organizations implement information security controls that use a risk-based approach
  • provides a framework for ensuring the effectiveness of information security controls in government.
17
Q

Federal Risk and Authorization Management (FedRAMP)

A

defines rules for government agencies contracting with cloud providers

18
Q

Sarbanes-Oxley Act (SOX)

A

Regulates financial data, operation, and assets for publicly held companies

19
Q

Gramm-Leach-Bliley Act (GLBA)

A

Protect information and financial data belonging to customers of financial institutions

20
Q

Children’s Internet Protection Act (CIPA)

A

Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet

21
Q

Children’s Online Privacy Protection Act (COPPA)

A

Protects privacy of minors under 13 by restricting organizations from collecting their PII

22
Q

Family Educational Rights and Privacy Act (FERPA)

A

protects students’ records

23
Q

General Data Protection Regulation (GDPR)

A
  • EU
  • data protection and privacy for all individuals
24
Q

NIST Framework

A

  • Categorize data
  • Select controls
  • Implement controls
  • Assess controls
  • Authorize use of system
  • Monitor controls

25
Q

IaaS

A

access to virtual servers and storage - AWS, google cloud

26
Q

PaaS

A

provides prebuilt servers

27
Q

SaaS

A

access to specific app

28
Q

What is the disadvantage of logging?

A

resources/ takes up storage

29
Q

Which act regulates federal departments in the United States?

A

FISMA

30
Q

Which act regulates customer privacy in the finance industry?

A

GLBA

31
Q

Which act regulates reporting of publicly traded companies?

A

SOX

32
Q

Which algorithm supports encryption for email?

A

PGP