Security Principles Flashcards

1
Q

Cybersecurity

A

The practice of protecting information-related assets against whatever threatens them.

2
Q

Malware

A

Malicious or unwanted software designed to steal data or impair your computer’s performance.

3
Q

Spam

A

Unsolicited emails or other electronic messages with undesired or malicious content.

4
Q

Phishing

A

The use of fake but official-looking messages to trick users into performing dangerous actions.

5
Q

Spear phishing

A

A variant of phishing that targets specific people, such as members of an organization or even individual users.

6
Q

Trojan horse

A

A type of malware that appears to be a harmless or useful program, like a game or even an anti-virus application.

7
Q

PCI DSS

A

The Payment Card Industry Data Security Standard is a set of shared rules developed by the world’s major credit card companies and administered by the PCI Council.

8
Q

Digital certificate

A

A file created and signed using special cryptographic algorithms.

9
Q

What malware spreads without any human interaction?

A

Worm

10
Q

What provides information regarding payment cards issued by major credit card vendors, and the customers that pay using those cards?

A

PCI

11
Q

Name the European Union regulation which protects the privacy of individual data related to EU residents?

A

GDPR

12
Q

In which type of attack does an attacker look for the discarded documents and other media in a target’s trash?

A

Dumpster diving

13
Q

What defines a phishing attack?

A

Using fake but official-looking messages to trick users into performing dangerous actions

14
Q

Sending unsolicited emails or other electronic messages, with undesired or malicious content, is defined as ________.

A

spam

15
Q

What component ensures that information remains accurate and complete over its entire lifetime?

A

Integrity

16
Q

What component of the CIA triad ensures that connectivity and performance are maintained at the highest possible level?

A

Availability

17
Q

What type of encryption uses the same key for both encryption and decryption?

A

Symmetric

18
Q

The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as _________.

A

cybersecurity

19
Q

What is the CIA Triad?

A

The core of information security

20
Q

CIA Triad: Confidentiality

A

Ensuring that information is viewable only by authorized users or systems, and is either inaccessible or unreadable to unauthorized users.

21
Q

CIA Triad: Integrity

A

Ensuring that information remains accurate and complete over its entire lifetime. In particular, this means making sure that data in storage or transit can’t be modified in an undetected manner.

22
Q

CIA Triad: Availability

A

Ensuring that information is always easily accessible to authorized users. This means making sure that connectivity and performance are maintained at the highest possible level.

23
Q

What is risk?

A

The chance of harm coming to an asset. Risk measurements can incorporate any combination of the likelihood of harm, the impact it will have on the organization, and the cost of repairing the damage.

24
Q

What is a threat?

A

Anything that can cause harm to an asset. Threats can include attacks caused by malicious actors, but also human error, equipment malfunction, or natural disaster.

25
Q

What is a vulnerability?

A

Any weakness the asset has against potential threats. Vulnerabilities can be hardware, software, or human/organizational; likewise, they can represent errors or shortcomings in system design, or known trade-offs for desired features.

26
Q

Threat: Malware

A

Malicious or unwanted software designed to steal data or impair your computer’s performance. Malware is especially dangerous on Windows PCs and other computers that can run arbitrary software, but can be found on other systems as well.

27
Q

Threat: Network attacks

A

Hackers, malicious software, and other automated attacks can try to access your computer over the network to steal data, or implant malware. When your data is passing over the network, attackers can also try to intercept it, modify it, or even impersonate someone else on the other end of a connection.

28
Q

Threat: Unauthorized users

A

A malicious or even negligent user getting access to your account can do damage directly, or just weaken other security measures to make your data more vulnerable. Unauthorized users might physically log into your computer, or remotely gain access to either it or your online accounts. Intruders often rely on social engineering: con-artist techniques used to trick legitimate users into trusting them and giving up access. Malicious employees within the organization are especially dangerous, since they already have some access.

29
Q

Vulnerability: Insecure technologies

A

Older hardware, software, and network protocols commonly have outdated security features or known vulnerabilities that make them unsafe against modern threats. Even newer technologies may simply not be designed for the security standards you need. If you must use these technologies, you should use extra controls to reduce risk.

30
Q

Vulnerability: Weak configurations

A

Systems and software must be securely configured in order to minimize risk; many products with ample security features don’t have them all enabled by default, and even secure settings might be changed during maintenance or user activity. Additionally, operating systems and other critical software must receive regular security updates to patch newly discovered vulnerabilities. Out-of-compliance systems are a major source of vulnerability.

31
Q

Vulnerability: Physical environment

A

Physical access to a computer, network, or storage device is a literal foot in the door to an intruder. Insecure physical environments let attackers bypass network-based access controls, implant malware directly, or simply make off with valuable equipment or data.

32
Q

Vulnerability: User behaviour

A

Humans are one of the big weak links in any security system. Insufficient training can lead users to take actions that harm assets directly or just create security vulnerabilities; even experienced users can get sloppy or just make mistakes. Malicious insiders are a big risk, but so are social engineers who trick well-meaning users into risky behavior.

33
Q

Vulnerability: Weak documentation

A

Every aspect of cybersecurity relies on having security-related information at the ready, and without it you may never know you’ve got a security problem until it’s too late. This includes training materials, configuration data, policies and procedures, and logs of user access and system activities. Security documentation must itself be secured, so it doesn’t become a roadmap for an attacker.

34
Q

Social engineering attacks: Shoulder surfing

A

Watching someone who is viewing or entering sensitive information, or eavesdropping on confidential conversations. It’s easy to think of this as being literally over the shoulder, but people have been caught using binoculars or hidden cameras to steal passwords or ATM PINs. Shoulder surfing is especially a danger for employees doing work-related communications on mobile devices in public places.

35
Q

Social engineering attacks: Dumpster diving

A

Hunting for discarded documents and other media in a target’s trash, looking for information. The most obvious target is confidential information that’s valuable in itself, or security-related information that can be used to compromise the system, but it’s not all that’s valuable. Schedules, policy manuals, and personal information can also be used to launch further social engineering attacks.

36
Q

Social engineering attacks: Piggybacking / Tailgating

A

Getting into a secure area by tagging along right behind someone who has legitimate access, with or without their knowledge. A tailgater might join a crowd of authorized people who aren’t individually checked, or even get a careless but polite person to hold a locked door open after entering.

37
Q

Social engineering attacks: Phone impersonation

A

Impersonating an authority figure or another relevant person over the phone and requesting sensitive information. This can be done in person, but the phone makes it harder to verify identity or spot suspicious elements. Help desk workers and other customer-facing employees are especially vulnerable to this, since they’re trained to be friendly and helpful but might not be trained about what not to reveal.

38
Q

Social engineering attacks: Spam

A

Sending unsolicited emails or other electronic messages, with undesired or malicious content. Spam can be harmless noise, commercial advertisement, fraud attempts, or a way of delivering malware. Malicious spam uses social engineering to get users to read and act on it, and even the least harmful varieties generate network traffic and distract users.

39
Q

Social engineering attacks: Phishing

A

Using fake but official-looking messages to trick users into performing dangerous actions. Often phishing attacks are distributed via spam email: a common method is to claim to be a bank or legitimate online service, with a link to log into their website. The link actually leads to a fake page maintained by the attacker, even if it looks genuine at first glance. In truth, it either contains malware, or tricks users into entering their credentials or some other personal information.

40
Q

Social engineering attacks: Spear phishing

A

A variant of phishing that targets specific people, such as members of an organization or even individual users. Compared to a generic phishing message that could target almost anyone, a spear phishing attempt has personal or at least organizational information the attacker was able to gain beforehand and incorporate into the message. Spear phishing is an especially dangerous technique because those personal details can make even experienced users let their guard down and assume the attacker is a legitimate entity they should respond to.

41
Q

Malware: Virus

A

Malware attached to an infected file, usually an executable program but possibly as a script inside a data file like an office document. The virus is harmless just sitting there on the drive, but when a user runs the program it becomes active. Then it can perform attacks, which very commonly include infecting other programs, corrupting data, or emailing itself to other users. Viruses were the first common malware, so sometimes “virus” gets used as a catch-all term.

42
Q

Malware: Worm

A

Malware that spreads without any human interaction. By using system vulnerabilities it can replicate itself, spread to other systems, and run itself there. This makes worms capable of rapidly spreading through a network unassisted. Rapidly spreading worms can do damage just by the system resources they consume, but the most serious have malicious functions as well.

43
Q

Malware: Trojan horse

A

Malware that appears to be a harmless or useful program, like a game or even an anti-virus application. It doesn’t reproduce, outside of just tricking unwary users into installing it normally. Once it’s running, its malicious functions take over. It might still be invisible to the end user, causing nothing more than system slowdowns or hidden vulnerabilities. Frequently a trojan will be attached to an email, masquerading as a useful file, funny video, or some other harmless program.

44
Q

Malware: Backdoor

A

In general, a backdoor is any hidden way into a system or application that bypasses normal authentication systems. Backdoors created by malware can be used to gather data, remotely control the computer, send spam email, or almost anything the computer itself can. They’re frequently used with rogue servers that set up unauthorized network services on compromised systems.

45
Q

Malware: Botnet

A

Many backdoors aren’t intended primarily to let an attacker log into the computer. Instead, they turn the computer into a zombie: part of a large network of computers that performs distributed network attacks or other processing tasks on behalf of the botnet’s controller. To the computer’s user, the zombie might appear normal or just be unusually slow.

46
Q

Malware: Rootkit

A

Malware that compromises boot systems and core operating system functions in order to hide from most detection methods. In extreme cases, rootkits can infect device firmware, requiring specialized equipment to remove. Rootkits and similar features have even been used in commercial software: even if there’s no malicious intent from the vendor, they can compromise security other ways.

47
Q

Malware: Ransomware

A

A particularly intrusive sort of malware that attempts to extort money from the victim in order to undo or prevent further damage. One common type of ransomware encrypts user files to make them unreadable, then demands payment to the malware’s distributor in exchange for the decryption key. Another type is a bogus “free antivirus” program claiming it’s detected an infection but that you need the paid version to actually remove it.

48
Q

Malware: Spyware

A

Malware specifically designed to gather information about user and computer activities to send to other parties, often through a backdoor. Spyware can be used to track browser activity, redirect browser traffic, steal financial or user account information. Keyloggers which silently record all user input are a serious form of spyware. Sometimes tracking cookies used by web browsers are classified as spyware, though they tend to be more limited in capability.

49
Q

Malware: Adware

A

Malware that delivers advertisements to the infected system, either as pop-ups or within browser or other application windows. Adware frequently has a spyware component, even if it’s just to track user activities and choose targeted ads.

50
Q

Forced access attacks: Brute force

A

The attacker tries every possible password or key in a methodical order, until finding the right one. Brute force can crack any password in theory, but it’s a very slow method. Short passwords are very vulnerable to brute force cracking, but long passwords are much safer.

51
Q

Forced access attacks: Dictionary attack

A

The attacker uses a word list, such as a literal dictionary or a list of common passwords. This approach won’t easily guess random character strings, but it is very effective against passwords composed of words or names. More sophisticated dictionary attacks check for words with appended numbers, common letter substitutions, and so on. Even long passwords can be vulnerable to dictionary attacks if they use recognizable words or patterns.

52
Q

Forced access attacks: Hash table

A

Many password-based authentication systems rely on cryptographic hashes generated from the password, rather than the password itself. Attackers can leverage this by pre-calculating hashes for all possible passwords, at least up to a certain length. While creating a hash table is slow, using a hash table to crack passwords is much faster. This makes them useful for attackers who want to crack a lot of passwords at once. Hash tables are very large; even for short passwords, they can be many gigabytes in size.

53
Q

Forced access attacks: Rainbow table

A

A more popular variety of hash table that’s designed to use less disk space. It doesn’t crack passwords as quickly as a full hash table, but it’s still a lot faster than brute force attacks, so it’s an appealing compromise for many attackers. Like brute force and hash tables, rainbow tables are most effective against short passwords. Some authentication systems are designed to protect against them.

54
Q

Network attacks: DoS

A

Denial of service attacks are designed to prevent legitimate users from accessing a network service or an entire network. The most common DoS technique attacks servers or routers with overwhelming or unusual traffic which consumes their resources and causes slowdowns or crashes. Other DoS methods include locking users out of accounts, or physically attacking hardware. Malware and forced access can also be used with DoS in mind.

55
Q

Network attacks: DDoS

A

Distributed denial of service is a type of DoS where a single target is flooded by traffic from many individual computers, often spread across the internet. The number of attackers, and their distribution on the network, make the attack harder to defend against. DDoS attacks commonly use botnets directed by the actual attacker, and can overwhelm even powerful networks.

56
Q

Network attacks: Eavesdropping

A

Any attack that intercepts or observes private communications. Eavesdropping is common for social engineering attacks like shoulder surfing, but on the network it’s most common where an attacker can get access to unencrypted network traffic, such as from an unprotected switch or an open Wi-Fi network.

57
Q

Network attacks: Man-in-the-middle

A

A form of eavesdropping where an attacker intercepts and relays communications between two points, often impersonating each party in the eyes of the other. This is much more potent than ordinary eavesdropping because the MITM can also insert or modify information in real time before it reaches its destination. Some MITM techniques are even designed specifically to attack protocols which are secure against ordinary eavesdropping. This type of attack is often directed at online banking and e-commerce sites, allowing the attacker to capture login credentials and other sensitive data. Sometimes the attack itself is a malicious script within the user’s browser, rather than out somewhere on the network.

58
Q

Network attacks: Spoofing

A

A technique that falsifies the origin of network communications, either to redirect responses or to trick users into thinking it comes from a trustworthy source. Spoofing attacks can apply to almost any protocol that specifies both a destination and an origin address: IP addresses on the internet, MAC addresses on the LAN, or specific applications such as email addresses or caller ID. Usually spoofing isn’t an attack in itself so much as a way to enable other attacks like DoS or social engineering.

59
Q

Network attacks: DNS hijacking

A

An attacker giving false replies to DNS requests sent by a host, in order to redirect traffic to a malicious or fraudulent site. Sometimes called pharming. When you or an application try to access a named host, you actually connect to the attacker’s site, which may host malware, perform MITM attacks, or just trick you into divulging sensitive information. DNS hijacking can occur via compromised DNS servers on the network, or DHCP servers that give hosts incorrect DNS settings. Hosts themselves can also be targeted by installing malware, changing network settings, or altering the hosts file the operating system uses to help resolve names.

Social engineering, threats, and vulnerabilities

60
Q

What is a fraudulent act of acquiring private and sensitive information, such as credit card numbers, personal identification, and account usernames and passwords?

A

Phishing

61
Q

What can be used to track browser activity, redirect browser traffic, and steal user account information?

A

Spyware

62
Q

What refers to the act of obtaining personal or private information through direct observation?

A

Shoulder surfing

63
Q

What is a malicious code that restricts access to a user’s device or the data stored on it until the victim pays the attacker to remove the restriction?

A

Ransomware

64
Q

Give 2 forms of Confidentiality:

A
  • Ensures that the information is viewable only by authorized users or systems
  • Ensures that the information is either inaccessible or unreadable to unauthorized users
65
Q

Give 2 forms of Integrity:

A
  • Ensures that the information remains accurate and complete over its entire lifetime
  • Ensures that the data in storage or transit can’t be modified in an undetected manner
66
Q

Give 2 forms of Availability:

A
  • Ensures that the information is always easily accessible to authorized users
  • Ensures that connectivity and performance are maintained at the highest possible level
67
Q

Policies and best practices: SOX

A

The Sarbanes-Oxley Act of 2002 is a US federal law designed to prevent fraudulent accounting practices. It applies primarily to financial records managed by companies that do business in the United States.

68
Q

Policies and best practices: HIPAA

A

The Health Insurance Portability and Accountability Act is a US law governing health insurance coverage, but from an IT perspective it protects the privacy of patient records. It applies to any organization that stores or handles protected data.

69
Q

Policies and best practices: GDPR

A

The General Data Protection Regulation is a newly enacted European Union regulation which protects the privacy of individual data related to EU residents. It applies not only to any organization in the EU which handles personal information, but specifically to foreign organizations that do business with or market to EU residents.

70
Q

Policies and best practices: PCI DSS

A

The Payment Card Industry Data Security Standard isn’t a law; instead, it’s a set of shared rules developed by the world’s major credit card companies and administered by the PCI Council. PCI DSS compliance is part of the contract an organization must sign before it is permitted to process payment cards.

71
Q

Data classification: PII

A

Personally identifiable information is information that can be used to uniquely identify an individual person, either on its own or in conjunction with other information. It can also mean information that specifically relates to an individual person. PII is a focus of many privacy regulations and the target of various attacks; since it is a legal term rather than a technical one, its definition varies by jurisdiction. PII examples include contact information like name and address, personal attributes such as age or gender, and other life details like grades or workplace.

72
Q

Data classification: PHI

A

Protected health information is PII which can be connected to an individual’s health status, medical treatments, and health care payments. PHI is defined by HIPAA, and must be protected by any organization under the jurisdiction of that law. Similar laws apply to health care data in other countries, and there are corresponding laws for other industries like education.

73
Q

Data classification: GDPR

A

The GDPR itself is a broad set of privacy laws intended to make sure consumers are aware of what PII businesses collect about them, and to give them more control over what is collected and how long it is kept. It most visibly has come to apply to websites and online services which collect user data, but it affects other companies as well. Any collected PII related to EU consumers is covered by the GDPR.

74
Q

Data classification: PCI

A

PCI-DSS regulations apply to any information regarding payment cards issued by major credit card vendors, and the customers that pay using those cards. They are designed both to guarantee interoperability among various payment card systems and to make sure that payment card data and the systems which process it are safe against fraudulent purchases and identity theft. Any systems which store or handle such data must be PCI-DSS compliant.

75
Q

Encryption: Symmetric

A

Uses the same key for both encryption and decryption. Also known as private key cryptography, since the key must be kept secret for the security to be effective. Symmetric algorithms are used primarily for encrypting bulk data, such as secure network communications and storage devices. They include AES, 3DES, RC4, Blowfish, and Twofish.

76
Q

Encryption: Asymmetric

A

Uses two mathematically related keys. Data encrypted with the first key can only be decrypted with the second, and vice versa. Also known as public key cryptography, since typically only one key is kept private and the other is public knowledge. Asymmetric algorithms can be used to encrypt arbitrary data, but since that’s more computationally expensive they’re more often used to prove identity or securely exchange symmetric keys. They include RSA, DSA, ECC, and Diffie-Hellman.

77
Q

Encryption: Hashing

A

Converts data into a unique signature called a hash. Hashes don’t contain the original data and can’t be reliably reversed. However, since any change to the data changes its hash, data can be compared to a stored hash to verify its integrity. Hashes are important in data preservation, authentication, and system integrity checking. Common algorithms include MD5, SHA-1, and the SHA-2 family.

78
Q

Access control: Authentication

A

Positive identification of a person or system wishing to initiate communications, for example via a username/password or an ID card.

79
Q

Access control: Authorization

A

Specifying the exact resources a given authorized user is allowed to access, such as file permissions on a hard drive.

80
Q

Access control: Accounting

A

Auditing and logging the actions of an authenticated user for later review, such as operating system logs tracking logins and accessed files.

81
Q

Authentication factors: Knowledge

A

Something you know, like a password, PIN, or answer to a challenge question.

82
Q

Authentication factors: Possession

A

Something you possess, like a physical key, ID badge, or smart card. Traditionally, this includes any form of digital data a human can’t be expected to memorize.

83
Q

Authentication factors: Inherence

A

Something you are; that is, a unique physical or behavioral characteristic, like a fingerprint, voice print, or signature. Inherence elements that are based on personal physical characteristics are called biometrics.

84
Q

Digital credentials: Biometrics

A

Any physical property intrinsic to an individual human body, ranging from fingerprints to DNA to scent. Usually distinguished from behavioral characteristics like signatures and typing patterns. Contrary to some popular belief, biometric authentication isn’t necessarily more reliable or harder to fool than any other type, but it’s still useful.

85
Q

Digital credentials: Digital certificate

A

A file created and signed using special cryptographic algorithms. The holder has both a public certificate which can be shared freely, and a secret encryption key which is never shared. Sample data encrypted with the secret key can be decrypted with the public certificate, proving the person or system presenting the certificate also holds the key. The authentication system can store certificates for allowed users, or submit a newly presented certificate to a trusted third party such as a certificate authority to verify its owner’s identity. One common application of digital certificates is the one assigned to each secure website in order to prove its identity to visiting browsers.

86
Q

Digital credentials: OTP

A

A one-time password that is valid for a single session, so it can’t be stolen and reused. The OTP still has to be known to both the user and the authenticator somehow, so it’s a challenge to accurately create one. An OTP can be generated independently on both ends by a sequential or time-based algorithm, or it can be generated by the authenticator and transmitted to the user out-of-band, such as to an email address or phone number.

87
Q

Digital credentials: Hardware token

A

Broadly speaking, any physical device used to aid authentication by containing secret information. A hardware token might have an LCD display to generate OTPs you can type in, or it might be a digital certificate securely stored on a USB key, RFID key fob, or scannable card.

88
Q

Digital credentials: Software token

A

A stored file that serves similar purposes to a hardware token. The term is a little flexible: usually it’s applied to applications that allow a smartphone or other computer to serve as a hardware token, but it’s sometimes used to describe temporary authentication and authorization data stored on and exchanged between computers in single sign-on environments.

89
Q

Digital credentials: Magnetic stripe card

A

A traditional machine-readable card, such as a bank or transit card, with a magnetic stripe to store user data. They’ve been around a very long time, and while they’re useful they’re not secure. They don’t store very much data, and they’re easy to clone. Magnetic stripe cards can still be used in multi-factor authentication, but they’re not a very strong method on their own.

90
Q

Digital credentials: Smart card

A

An authentication card with an integrated circuit built in. At the least, a smart card’s chip holds basic identifying information like a magnetic stripe would; it can also hold digital certificates, store temporary data, or even perform cryptographic processing functions to keep its data secure. Smart cards don’t generally contain batteries, but instead receive power from the reader.

91
Q

User privileges (Common): Administrators

A

Members of this group have full control of the computer, and they can assign user rights and access control permissions to users as necessary. The Administrator account is a default member of this group. Administrators can’t actually do literally everything on the computer, since some privileges are reserved to specialized system accounts and should never be performed directly by users. However, they can perform administrative tasks such as installing applications and hardware drivers, creating and deleting user accounts, or changing sensitive operating system settings. Adding an account to this group makes it very powerful, and a potential security risk.

92
Q

User privileges (Common): Domain Admins

A

Only found in domain environments. Members of this group have full control of computers throughout the domain. The Administrator account is joined to this group when a domain is formed. Privileges on an individual computer are similar to those of Administrators group members.

93
Q

User privileges (Common): Users

A

Members of this group can perform common tasks and run most applications. However, they can’t share folders, install printers, or generally change any system-wide settings that can affect other users or put system security at risk. Most newly created accounts are simply Users. In general, administrators as well as other privileged users also belong to the Users group, so a privilege added to this group applies to everyone.

94
Q

User privileges (Common): Power Users

A

In older versions of Windows, members of this group had privileges beyond those of an ordinary user, but less than those of an administrator. In modern versions of Windows this group exists but has no special privileges. It can still be customized to make a general set of “privileged user” permissions.

95
Q

User privileges (Common): Guests

A

Members of this group have much more limited permissions than Users. They can’t customize settings, install software, or even change their own passwords. Guest accounts aren’t protected by passwords and use a temporary profile that’s deleted at logoff. Windows versions that include a Guest account generally disable it by default.

96
Q

User privileges (Common): Backup Operators

A

Members of this group can back up and restore files from anywhere on the computer, regardless of individual file and folder permissions. While the Backup Operator privilege overrides any normal file system permissions, members of this group have no special power to change security settings.

97
Q

User privileges (Common): Remote Desktop Users

A

Members of this group can log onto the computer remotely through Remote Desktop Services. This provides an easy way to control which accounts are allowed to use remote access, and which must be physically at the computer.

98
Q

User privileges (Uncommon): Cryptographic Operators

A

Members of this group are authorized to perform cryptographic operations.

99
Q

User privileges (Uncommon): Distributed COM Users

A

Members of this group are allowed to start, activate, and use DCOM objects on a computer.

100
Q

User privileges (Uncommon): IIS_IUSRS

A

This is a built-in group that is used by Internet Information Services (IIS).

101
Q

User privileges (Uncommon): Network Configuration Operators

A

Members of this group can make changes to TCP/IP settings, and they can renew and release TCP/IP addresses. This group has no default members.

102
Q

User privileges (Uncommon): Performance Log Users

A

Members of this group can manage performance counters, logs, and alerts on a computer—both locally and from remote clients.

103
Q

User privileges (Uncommon): Performance Monitor Users

A

Members of this group can monitor performance counters on a computer—locally and from remote clients.

104
Q

User privileges (Uncommon): Replicator

A

This group supports replication functions. The only member of the Replicator group should be a domain user account that is used to log on to the Replicator services of a domain controller.

105
Q

User privileges (Uncommon): Offer Remote Assistance Helpers

A

Members of this group can offer Remote Assistance to the users of this computer.

106
Q

What set of data is used to control access to a resource such as a computer, file, or network?

A

ACL

107
Q

Name a physical security control that grants access to facilities according to personal features, such as fingerprints, voice prints, retina scans, or signatures.

A

Biometric lock

108
Q

What is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications?

A

SSO