Security Definitions Flashcards

1
What is Information Security
Protection of info and resources from unauthorized access, attacks, theft, or data
2
What is Risk
Concept that indicates exposure to the chance of damage or loss
3
What is a Threat
event or action that could potentially cause damage to an asset
4
What is a Vulnerability
Condition that leaves a system open to harm
5
What are Intrusions
attacker accesses a computer system without the authorization to do so
6
What are Attacks
exploit a vulnerability in an application or physical computer system without authorization to do so
7
What are Controls
Countermeasures that you need to put in place to avoid, mitigate, or counteract security risks
8
What is Non-Repudiation
party remains associated with data they created or transferred
9
What is Identification
Ensuring the entity requesting access is true
10
What is Authentication
method of validating a particular entity's credentials
11
What is Authorization
determining rights and privileges of an entity
12
What is Access Control
Determining and assigning privileges to various resources, objects or data
13
What is Accounting
Tracking/recording system activities
14
What is Auditing
examining logs of what was recorded
15
What is Implicit Deny
anything not explicitly allowed is denied
16
What is Least Privilege
users and software only access what they need
17
What is Privilege Bracketing
given at the beginning and taken away at the end
18
What is Separation of Duties
no one person has too much power or responsibility
19
What is Job Rotation
no one stays in one job too long
20
What is Mandatory Vacation
opportunity to review an employee's activities
21
What are Time of Day Restrictions
What times users are allowed access
22
What are Orphaned Accounts
user accounts remain active after the employee has left
23
What is Privilege Management
administration of user and group access control
24
What is Cryptography
science of hiding info
25
What is Encryption
converts data from plaintext to ciphertext
26
What is Decryption
converts ciphertext to plaintext
27
What is Quantum Cryptography
encryption based on quantum communication
28
What are Ciphers
algorithm used to encrypt or decrypt data
29
What is Steganography
hides info by hiding it in another file
30
What are Keys
specific piece of info used to encrypt and decrypt
31
What is Hashing Encryption
one-way encryption that transforms cleartext to ciphertext, not to be decrypted
32
What is Symmetric Encryption
two-way encryption which both encrypt and decrypt use same key
33
What is asymmetric encryption
using public and private keys
34
What is a Key Exchange
keys transferred among users
35
What is a Digital Signature
message digest that has been encrypted again with user's private key
36
What are Cipher Suites
Collection of algorithms used to establish secure connection
37
What are Session Keys
Single-use key used for encrypting messages in a single series
38
What is Key Stretching
Technique to strengthen weak cryptographic keys
39
What are Social Engineering Attacks
uses deception and trickery to obtain data
40
What is Spoofing
human or software attack to pretend to be someone else
41
What is Impersonation
Human attack pretends to be someone else
42
What is a Hoax
email attack using trickery to convince user to delete stuff
43
What is Phishing
Email attack pretending to be a respected company
44
What is vishing
Human attack to get info over phone
45
What is Whaling
targets wealthy people and organizations
46
What is URL hijacking
exploits typos in URL address
47
What is Spam/ Spim
email attack floods the inbox to deliver viruses. Spim is the instant messenger version
48
What is shoulder surfing
someone looking over your shoulder to get info
49
What is dumpster diving
looking in trash for info
50
What is Tailgating
walking through portal behind someone
51
What is an Electronic Activist
wants social change
52
What is a data thief
blatantly steal resources
53
What is a Script Kiddie
Novice looking to improve skill
54
What is an Electronic Vandal
do as much damage as possible
55
What is a Cyberterrorist
disrupts systems to spread fear and panic
56
What is a Malicious Code Attack
software attack where undesired software is inserted
57
What is a Virus
Code that spreads by attaching itself
58
What is a Worm
Replicates itself but doesn't attach
59
What is Adware
software that downloads unwanted ads
60
What is Spyware
Malicious software intended to track and report usage
61
What is a Trojan Horse
hidden malware to cause damage to a system or to monitor/control it
62
What are Rootkits
code intended to take full or partial control at lowest level
63
What are Logic Bombs
code sits dormant until right event or time
64
What are Botnets
set of infected computers that allows an attacker to exploit them collectively
65
What is Ransomware
code that restricts user access to a computer or data
66
What is Polymorphic Malware
Virus encryption when decrypted changes
67
What are Armored Viruses
trick or shield themselves from antivirus software/professionals
68
What are Software Attacks
attack against resources
69
What are Password Attacks
attempts to gain or use password illegitimately
70
What is a Backdoor Attack
software created to find a backdoor
71
What are Takeover Attacks
attacker assumes complete control
72
What are Application Attacks
web-based client-server applications
73
What are IP Port Scanning Attacks
scans computers connected to Internet, looking for listening and open ports
74
What are Eavesdropping Attacks
Monitoring software used to gain access and gain info
75
What are Man-in-the-Middle Attacks
makes independent connection
76
What are Replay Attacks
captured network traffic retransmitted later
77
What are DoS Attacks
attempt to disrupt or disable system
78
What is Session Hijacking
exploits computer in session to obtain info
79
What are Peer-to-Peer Attacks
Malware propagated through P2P networks
80
What is ARP Poisoning
IP address redirected to MAC address of choosing
81
What are Transitive Access Attacks
members using data without authentication
82
What are Rogue Access Points
unauthorized WAP on network
83
What are Evil Twins
AP that fools users into believing it is legit
84
What is Jamming
radio waves disrupt 802.11 signals
85
What is Bluejacking
sending of unwanted Bluetooth signals
86
What is Bluesnarfing
gain access to unauthorized info, within 30 feet
87
What is War Chalking
Marks indicating WAP
88
What are Sinkhole Attacks
single node in which all traffic goes through
89
What is Layered Security
uses different avenues of defense
90
What is Defense in Depth
plan personnel training, policy adoption, physical protection, security strategies
91
What is Data Security
security controls/ measures to keep data safe, accessible, prevent unauthorized access
92
What are Data Security Vulnerabilities
cloud computing, lack of restricted access, lack of user awareness
93
What are Hardware-Based Encryption Devices
cryptographic module called Hardware Security Module
94
What is a Trusted Platform Module
cryptoprocessors that create a secure computing environment
95
What is a Hardware Security Module
cryptoprocessor device attached to servers/computers that provides digital keys
96
What is Data at Rest
data that is stored, database, disk
97
What is Data in Transit
Data moving across network
98
What is Data in Use
data that is not at rest or in transit
99
What is Big Data
Large complex data collections
100
What is Patch Management
monitoring, obtaining, evaluating, testing, deploying software patches/updates
101
What is a Configuration baseline
minimum security requirements needed for app to be complete
102
What is Application Hardening
Process used to configure a default app to prevent security threats/ vulnerabilities
103
What is Patch Management
third-party software to ensure every app is running with latest security requirements/updates
104
What is Input Validation
data entered in field or variable in app is within acceptable bounds
105
What is Command Injection
attacker sends additional commands to app through unchecked input fields
106
What is a stored attack
attacker injects malicious code or link into website
107
What is a Reflected Attack
poses as legitimate user sends info to server
108
What is a Cross-site request forgery attack
attacker takes advantage of trust between authorized user and website
109
What is Fuzzing
testing method used to identify weaknesses in app by sending app random data
110
What is Hardening
default configuration is altered to try and close vulnerabilities
111
What is a trusted computing base
hardware, firmware, software responsible for ensuring the security policy is implemented
112
What is a Security Baseline
Collection of security/ configuration settings applied to host
113
What is Application Blacklisting
practice of preventing apps you don't want due to security issues
114
What is Application Whitelisting
list of approved apps and only those can be installed
115
What is Logging
record data about activity on computer
116
What is Auditing
assessment of the security strengths and weaknesses
117
What is Anti-malware Software
Protective software that scans for known viruses, Trojans, worms, and other malicious programs
118
What is a Strong Password
Meets complexity requirements set by system admins
119
What is a Web Security Gateway
utility primarily to intentionally block internal Internet access
120
What is NetBIOS
interface that allows apps to properly communicate over different computers in a network
121
What is a Directory Service
network service that stores identity info
122
What is Lightweight Directory Access Protocol
it is an authentication service
123
What is Tunneling
data transport that provides remote access in which data is encrypted/ encapsulated in another data packet
124
What is HMAC based one-time password
algorithm that generates One-time passwords
125
What is Timed HMAC based one-time password
adds a time based factor to HMAC
126
What is Password Authentication Protocol
sends user IDs and passwords as plaintext
127
What is Challenge Handshake Authentication Protocol
encrypted protocol used to provide access control for remote servers
128
What is Pretty Good Privacy (PGP)
publicly available email security utility that uses public Key cryptography
129
What is GNU Privacy Guard (GPG)
open-source version of PGP provides equivalent encryption
130
What is Kerberos
authentication service based on time-sensitive ticket granting system
131
What is Security Assertion Markup Language (SAML)
data format used to exchange authentication info from server, service and identity provider
132
What is Account Federation
linking single account across many different account management systems
133
What are Digital Certificates
Electronic document that associates credentials with public key
134
What is a Certificate Authority (CA)
Server that issues certificates
135
What is Public Key Infrastructure (PKI)
System of CAs, certificates, software, services
136
What is Registration Authority (RA)
Responsible for verifying users' identities and approving/ denying requests
137
What is Certificate Repository Database (CRD)
Stores digital certificates
138
What is Certificate Management System (CMS)
Provides software tools to perform day-to-day functions of PKI
139
What is Certificate Signing Request (CSR)
Message sent to CA where resource applies for certificate
140
What is Public Key Cryptography Standards (PKCS)
Common CSR format designed to send info over Internet in secure manner using PKI
141
What is Root CA
Topmost CA in hierarchy and most trusted authority
142
What are Subordinate CAs
Any CAs below the Root CA
143
What is Key Escrow
Alternative to key backups that allows one or more third parties access
144
What is the M of N scheme
Mathematical Control takes into account number of key recovery agents along with number of agents required to perform key recovery. They must match
145
What is Encrypting File System (EFS)
Uses Microsoft Windows NTFS-based public Key encryption
146
What is Certificate Revocation List (CRL)
List of certificates that were revoked before expiration date
147
What is Online Certificate Status Protocol (OCSP)
HTTP alternative to CRL for checking the status of revoked certificates
148
What are Physical Security Controls
security measures that restrict, detect, and monitor assets
149
What is Compliance
practice of ensuring requirements of legislation, regulations, and standards are met