SY0-701: 1.0 (General Security Concepts) Flashcards

1
Q

CIA Triad (1.2)

A

Confidentiality (Encryption), Integrity (Hashes), Availability (Information is stored, accessible, and protected at all times so that authorized users can reach it when needed)

2
Q

Confidentiality (1.2)

A

Protection of information from unauthorized access and disclosure via:
Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness

3
Q

Encryption (1.2)

A

Process of converting data into code to prevent unauthorized access

4
Q

Access Controls (1.2)

A

Ensure only authorized personnel can access certain types of data using user permissions

5
Q

Data Masking (1.2)

A

Method that involves obscuring data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users (e.g. first part of credit card is masked with “X’s”)

6
Q

Physical Security Measures (1.2)

A

Used to ensure confidentiality for physical types of data (e.g. papers locked in filing cabinet) and for digital information contained on servers and workstations (e.g. biometric access, smart card access, locked server rooms)

7
Q

Training and Awareness (1.2)

A

Conducting regular training on the security awareness best practices that employees can use to protect the organization’s sensitive data

8
Q

Integrity (1.2)

A

Helps to ensure information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual in order to:
Ensure data accuracy
Maintain trust
Ensure system operability

9
Q

Hashing (1.4)

A

One-way cryptographic function that takes an input of any length and produces a fixed-length message digest as its output (the hash value, also called the hash digest, serves as a digital fingerprint; a good hash makes it impractical to recover the input from the digest or to find two inputs with the same digest)

10
Q

Digital Signatures (1.2)

A

Uses a hash of the message signed with the sender's private key to ensure integrity and authenticity (anyone with the sender's public key can verify it)

11
Q

Checksums (1.2)

A

Method to verify the integrity of data during transmission or storage by computing a value over the data and comparing it with the value the sender or vendor published
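
Worked example for cards 9 and 11 (hashing and checksums), added here as an illustration rather than taken from the flashcards or the course: verifying a download against a sha256sum-style manifest and showing that a digest is fixed-length and changes completely when one input byte changes. The installer bytes and the manifest line are constructed sample data, not a real vendor's file.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fixed 256-bit (64 hex character) digest regardless of input length."""
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {filename: digest}."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        manifest[name.strip()] = digest.lower()
    return manifest


def verify_files(files: dict, manifest: dict) -> dict:
    """Return {filename: True/False}; a file missing from the manifest counts as a failure."""
    return {name: manifest.get(name) == sha256_hex(data) for name, data in files.items()}


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample data standing in for a vendor download and its published checksum file.
GOOD_INSTALLER = b"installer v1.2.3 -- constructed sample bytes\n"
TAMPERED_INSTALLER = b"installer v1.2.3 -- constructed sample bytes!\n"   # one byte appended
MANIFEST_TEXT = f"{sha256_hex(GOOD_INSTALLER)}  installer.bin\n"         # what the vendor would publish


def demo():
    """Returns (good file verifies, tampered file verifies, bits changed by a one-byte edit)."""
    manifest = parse_manifest(MANIFEST_TEXT)
    good = verify_files({"installer.bin": GOOD_INSTALLER}, manifest)["installer.bin"]
    bad = verify_files({"installer.bin": TAMPERED_INSTALLER}, manifest)["installer.bin"]
    flipped = bit_difference(sha256_hex(b"abc"), sha256_hex(b"abd"))
    return good, bad, flipped


if __name__ == "__main__":
    print(demo())
```

The digest only proves integrity against accidental or casual tampering: an attacker who can replace the download can usually replace the checksum file too, which is why vendors sign the manifest (card 10) rather than just publishing it.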

12
Q

Access Controls (1.2)

A

Ensure that only authorized individuals can modify data and reduce the risk of unintentional or malicious alterations

13
Q

Regular Audits (1.2)

A

Involves systematically reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed

14
Q

Availability (and how it’s measured) (1.2)

A

Used to ensure that information, systems, and resources are accessible and operational when needed by authorized users in order to:
Ensure business continuity
Maintain customer trust
Upholding an organizations reputation
(3 nines = 99.9% uptime, about 8.8 hours of downtime per year; 5 nines = 99.999%, about 5 minutes per year, is the gold standard)

15
Q

Redundancy (1.2)

A

Duplication of critical components or functions of a system with the intention of enhancing its reliability:
Server redundancy
Data redundancy
Network redundancy
Power redundancy

16
Q

Server Redundancy (1.2)

A

Using multiple servers in a load balance so that if one is overloaded or fails, the other servers can take over the load

17
Q

Data Redundancy (1.2)

A

Storing data in multiple places (RAID, cloud-based backups)

18
Q

Network Redundancy (1.2)

A

Ensures that if one network path fails, the data can travel through another route

19
Q

Power Redundancy (1.2)

A

Using backup power sources to ensure that an organization’s systems remain operational during periods of power disruption or outages within a local service area

20
Q

Non-Repudiation (1.2)

A

Focuses on providing undeniable proof in digital transactions (e.g. Digitally signing email) in order to:
Confirm the authenticity of digital transactions
Ensure integrity of critical communications
Provide accountability

21
Q

Digital Signature (1.2)

A

Non-Repudiation; Created by first hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user’s private key using asymmetric encryption

22
Q

AAA (1.2)

A

Authentication (Prove your identity), Authorization (Allowed to have access), Accounting (Data tracking, e.g. log file)

23
Q

Authentication (1.2)

A

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction

24
Q

5 Methods of Authentication (1.2)

A

Something you know (Knowledge Factor; username/password, PIN)
Something you have (Possession Factor; Smart Card)
Something you are (Inherence Factor; Biometrics)
Something you do (Action Factor; Typing/Speaking pattern)
Somewhere you are (Location Factor)

25
Q

2FA / MFA (1.2)

A

Two-Factor Authentication / Multi-Factor Authentication (2 or more authentication factors)

26
Q

Authorization (1.2)

A

Permissions and privileges granted to users or entities after they have been authenticated

27
Q

Accounting (1.2)

A

Security measure that ensures all user activities are properly tracked and recorded in order to:
Provide audit trail
Gain regulatory compliance
Perform forensic analysis
Optimize resources
Maintain user accountability

28
Q

Audit Trail (1.2)

A

Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time

29
Q

Regulatory Compliance (1.2)

A

Accounting supports regulatory compliance by maintaining a comprehensive record of all user activity that can be produced for auditors and regulators

30
Q

Forensic Analysis (1.2)

A

Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again in the future

31
Q

Resource Optimization (1.2)

A

Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions

32
Q

Maintain User Accountability (1.2)

A

A thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies

33
Q

Syslog Server (1.2)

A

Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization

34
Q

Network Analyzers (1.2)

A

Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network

35
Q

SIEM (1.2)

A

Security Information and Event Management
Collects and correlates logs from across the organization and provides real-time analysis of security alerts generated by the various hardware and software infrastructure
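
Worked example for cards 33 and 35 (syslog aggregation and SIEM analysis), added here as an illustration and not part of the flashcards or any product's code: the kind of detection rule a SIEM runs over aggregated syslog, here parsing sshd messages and alerting on a burst of failed logins from one source, then escalating if that source later succeeds. The log lines are constructed samples using documentation IP ranges, and the threshold and window are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (RFC 3164 style) from an sshd host; not real logs.
SAMPLE_LOGS = """\
Mar 12 10:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 54321 ssh2
Mar 12 10:14:03 web01 sshd[2232]: Failed password for root from 203.0.113.5 port 54322 ssh2
Mar 12 10:14:05 web01 sshd[2233]: Failed password for invalid user test from 203.0.113.5 port 54323 ssh2
Mar 12 10:14:07 web01 sshd[2234]: Failed password for root from 203.0.113.5 port 54324 ssh2
Mar 12 10:14:09 web01 sshd[2235]: Failed password for root from 203.0.113.5 port 54325 ssh2
Mar 12 10:14:20 web01 sshd[2236]: Failed password for deploy from 198.51.100.7 port 40001 ssh2
Mar 12 10:14:31 web01 sshd[2237]: Accepted password for deploy from 198.51.100.7 port 40002 ssh2
Mar 12 10:14:40 web01 sshd[2240]: Accepted password for root from 203.0.113.5 port 54330 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_line(line: str):
    """Normalize one syslog line into an auth event, or None if it is not an sshd auth message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    a = AUTH_RE.match(m["msg"])
    if not a:
        return None
    # Syslog timestamps carry no year; fine for ordering events within one capture.
    return {
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "host": m["host"],
        "result": a["result"],
        "user": a["user"],
        "src": a["src"],
    }


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Sliding-window rule: >= threshold failures from one source inside `window` raises an alert;
    a successful login from that source while the window is still hot is escalated."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:     # drop failures that fell out of the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"type": "bruteforce", "src": ev["src"], "count": len(q), "at": ev["ts"]})
        elif len(q) >= threshold:
            alerts.append({"type": "success_after_bruteforce", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(alert)
```

A single failed login from 198.51.100.7 never reaches the threshold, so only 203.0.113.5 is reported, first for the burst and again when root finally succeeds from it; the second alert is the one an analyst should treat as a probable compromise rather than noise.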

36
Q

Security Control Categories (1.1)

A

Technical Controls
Administrative/Managerial Controls
Operational Controls
Physical Controls

37
Q

Technical Controls (1.1)

A

The technologies, hardware, and software mechanisms that are implemented to manage and reduce risks (antivirus, firewalls, encryption processes, intrusion detection systems, etc.)

38
Q

Administrative/Managerial Controls (1.1)

A

Involves the strategic planning and governance side of security (policies, procedures, security awareness training, disaster recovery plans)

39
Q

Operational Controls (1.1)

A

Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions (password change requirements, backup procedures, account reviews)

40
Q

Physical Controls (1.1)

A

Tangible, real-world measures, taken to protect assets (fences, shredding documents, security guards, door locks, surveillance cameras)

41
Q

Security Control Types (1.1)

A

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

42
Q

Preventative Controls (1.1)

A

Proactive measures implemented to thwart potential security threats or breaches (e.g. firewalls)

43
Q

Deterrent Controls (1.1)

A

Aim to discourage potential attackers by making the effort seem less appealing or more challenging (alarm system signs/warning signs)

44
Q

Detective Controls (1.1)

A

Monitor and alert organizations to malicious activities as they occur or shortly thereafter (antivirus in detection mode, security cameras, alarm systems)

45
Q

Corrective Controls (1.1)

A

Mitigate any potential damage and restore the systems to their normal state (antivirus in quarantine/removal mode)

46
Q

Compensating Controls (1.1)

A

Alternative measures that are implemented when primary security controls are not feasible or effective (WPA2 w/ VPN if WPA3 isn’t available)

47
Q

Directive Controls (1.1)

A

Often rooted in policy or documentation and set the standards for behavior within an organization (Acceptable Use Policy- AUP)

48
Q

Gap Analysis (1.2)

A

Process of evaluating the differences between an organization’s current performance and its desired performance

49
Q

Gap Analysis Steps (1.2)

A

1. Define the scope of analysis
2. Gather data on the current state of the organization
3. Analyze the data to identify gaps
4. Develop a plan to bridge the gap

50
Q

Gap Analysis Types (1.2)

A

Technical Gap Analysis
Business Gap Analysis

51
Q

Technical Gap Analysis (1.2)

A

Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize its security solutions

52
Q

Business Gap Analysis (1.2)

A

Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize the solutions

53
Q

POA&M (1.2)

A

Plan Of Action & Milestones: Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed

54
Q

Zero Trust (1.2)

A

Security Model that operates on the principle that no one, whether inside or outside the organization, should be trusted BY DEFAULT

55
Q

Zero Trust- Planes (1.2)

A

Control Plane
Data Plane

56
Q

Zero Trust- Control Plane (1.2)

A

The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization

57
Q

Zero Trust- Control Plane Key Elements (1.2)

A

Adaptive Identity
Threat Scope Reduction
Policy-driven access control
Policy Administrator
Policy Engine

58
Q

Adaptive Identity (1.2)

A

Adaptive identities rely on real-time validation that takes into account the user's behavior, device, location, and more, and adjust the level of verification required accordingly (e.g. requiring the current password before allowing a password change)

59
Q

Threat Scope Reduction (1.2)

A

Limit each user's access to only what they need for their work tasks; this drastically reduces the network's potential attack surface

60
Q

Policy-driven access control (1.2)

A

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

61
Q

Secured Zone (1.2)

A

Isolated environments within a network that are designed to house sensitive data

62
Q

Policy Administrator (1.2)

A

Used to establish and manage the access policies

63
Q

Policy Engine (1.2)

A

Cross-references each access request against its predefined policies to decide whether the request should be granted

64
Q

Data Plane (1.2)

A

Implicit trust zones
Subject/System
Policy Enforcement Point

65
Q

Implicit trust zones (1.2)

A

Area of the network where all communications are implicitly trusted once a subject has passed the policy enforcement point

66
Q

Subject/System (1.2)

A

Refers to the individual or entity attempting to gain access

67
Q

Policy Enforcement Point (1.2)

A

Allows, restricts, or denies access based on the policy engine's decision; it effectively acts as a gatekeeper to the sensitive areas of the systems or networks

68
Q

Deception and Disruption Technologies (1.2)

A

Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Honeypots
Honeynets
Honeyfiles
Honeytokens

69
Q

Honeypots (1.2)

A

Decoy system or network set up to attract potential hackers

70
Q

Honeynets (1.2)

A

Network of honeypots to create a more complex system that is designed to mimic an entire network of systems, including servers, routers, and switches

71
Q

Honeyfiles (1.2)

A

Decoy file placed within a system to lure in potential attackers

72
Q

Honeytokens (1.2)

A

Piece of data or a resource that has no legitimate value or use but is monitored for access or use (e.g. fake user account, fake database entry)

73
Q

TTPs (1.2)

A

Tactics, Techniques, and Procedures
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors (MO of the cybersecurity world)

74
Q

Bogus DNS (1.2)

A

Fake DNS entries introduced into a system’s DNS server

75
Q

Port Triggering (1.2)

A

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected

76
Q

Fake telemetry Data (1.2)

A

System can respond to an attacker’s network scan attempt by sending out fake telemetry or network data

77
Q

Decoy Directories (1.2)

A

Fake folders and files placed within a system’s storage

78
Q

Dynamic Page Generation (1.2)

A

Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor

79
Q

Symmetric Algorithm (1.4)

A

aka Private Key (Secret Key) Cryptography- Encryption method which uses a single shared key to encrypt and decrypt the data; distributing the same key to every party is not scalable, but this method is much faster than asymmetric encryption

80
Q

Asymmetric Algorithm (1.4)

A

aka Public Key Cryptography- Encryption method which uses two mathematically related keys (a public key and a private key) to encrypt and decrypt the data; what one key encrypts only the other can decrypt

81
Q

Hybrid Encryption Implementation (1.4)

A

Utilizes asymmetric encryption to securely exchange a symmetric session key, which is then used with a fast symmetric cipher to protect the bulk of the data (this is how TLS works)

82
Q

Stream Cipher (1.4)

A

Utilizes a keystream generator to encrypt data bit by bit (or byte by byte) by XORing the plaintext with the keystream to create the ciphertext; good for real-time applications such as voice and video communications; a keystream must never be reused (same key and nonce) for two messages
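
Worked example for card 82, added as an illustration (it is not code from the flashcards or from any standard cipher): a minimal stream cipher built from a keystream generator and XOR, showing that decryption is the same operation as encryption and why keystream reuse is fatal. The keystream generator here (SHA-256 over key, nonce and a counter) is an assumed toy construction for readability; real systems use ChaCha20 or AES in CTR/GCM mode.

```python
import hashlib
import itertools


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: concatenated SHA-256(key || nonce || counter) blocks.
    Assumed for illustration only; not a standardized cipher."""
    out = bytearray()
    for counter in itertools.count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream"""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is literally the same operation."""
    return encrypt(key, nonce, ciphertext)


def recover_from_reuse(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """If two messages share a keystream, ct1 XOR ct2 == pt1 XOR pt2: an attacker who knows
    (or guesses) pt1 reads pt2 without ever learning the key."""
    return xor_bytes(xor_bytes(ct1, ct2), known_pt1)


if __name__ == "__main__":
    key, nonce = b"\x01" * 32, b"\x00" * 8
    c1 = encrypt(key, nonce, b"transfer $100 to bob")
    c2 = encrypt(key, nonce, b"transfer $900 to eve")     # same key AND nonce: the mistake
    print(recover_from_reuse(c1, c2, b"transfer $100 to bob"))
```

The nonce is what makes the keystream unique per message; WEP's failure (card 91) was largely that its 24-bit IV space was so small that keystream reuse was guaranteed on a busy network.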

83
Q

Block Cipher (1.4)

A

Breaks the input into fixed-length blocks of data and performs the encryption on each block; easier than stream to set up and implement

84
Q

DES (1.4)

A

Data Encryption Standard- Encryption algorithm which breaks the input into 64-bit blocks and uses permutation and substitution to create ciphertext using an effective key strength of only 56 bits (used from the late 1970s until the early 2000s; now insecure because a 56-bit key can be brute-forced)

85
Q

3DES (1.4)

A

Triple Data Encryption Standard- Applies DES three times with three separate symmetric keys: encrypt with key 1, decrypt with key 2, encrypt with key 3 (the middle "decrypt" is just DES run in reverse, which keeps 3DES backward compatible with single DES when all three keys are equal); effectively a 112-bit algorithm because of meet-in-the-middle attacks, and now deprecated

86
Q

IDEA (1.4)

A

International Data Encryption Algorithm- Symmetric block cipher which uses 64-bit blocks and a 128-bit key to encrypt data

87
Q

AES (1.4)

A

Advanced Encryption Standard- Symmetric block cipher that uses a fixed 128-bit block size with a 128-bit, 192-bit, or 256-bit encryption key (10, 12, or 14 rounds respectively) to encrypt data; the go-to choice for symmetric encryption

88
Q

Blowfish (1.4)

A

Symmetric block cipher that uses 64-bit blocks and a variable-length encryption key (32 bits to 448 bits) to encrypt data

89
Q

Twofish (1.4)

A

Successor to Blowfish that uses 128-bit blocks in its encryption algorithm with a 128-bit, 192-bit, or 256-bit key; was a finalist in the AES competition

90
Q

RC Cipher Suite (1.4)

A

Created by Ron Rivest (RC4, RC5, and RC6 are the versions still encountered; RC4 is now considered broken and deprecated)

91
Q

RC4 (1.4)

A

Rivest Cipher 4- Symmetric stream cipher using a variable key size from 40 bits to 2048 bits; used in SSL/TLS and WEP, both of which have since dropped it because of keystream biases (RFC 7465 prohibits RC4 in TLS)

92
Q

RC5 (1.4)

A

Rivest Cipher 5- Symmetric block cipher with a variable block size (32, 64, or 128 bits), a variable number of rounds, and key sizes up to 2040 bits

93
Q

RC6 (1.4)

A

Rivest Cipher 6- Symmetric block cipher that was submitted as a candidate to replace DES (the AES competition) and reached the final round, but Rijndael was chosen as AES instead

94
Q

Asymmetric Cryptography provides… (1.4)

A

Confidentiality
Integrity
Authentication
Non-Repudiation (Symmetric encryption cannot provide this, since both parties hold the same key and either could have produced the message)

95
Q

Asymmetric Encryption process (for confidentiality) (1.4)

A

Encrypt using the RECIPIENT'S PUBLIC KEY so that only the recipient can decrypt it using their private key

96
Q

Asymmetric Encryption process (for non-repudiation) (1.4)

A

Encrypt using the SENDER'S PRIVATE KEY; the data is decrypted using the sender's public key, which anyone can access, proving it came from the holder of the private key

97
Q

Digital Signature Process (1.4)

A

1. A hash digest of the message is encrypted with the sender's private key, which lets the recipient confirm the document was created and sent by the person claiming to have sent it (integrity, authenticity, and non-repudiation)
2. The message is encrypted using the recipient's public key so they can read it only after decrypting with their private key (confidentiality)

98
Q

DH (1.4)

A

Diffie-Hellman- Asymmetric algorithm used to negotiate a shared secret between two parties over an insecure network without ever transmitting the secret itself
Widely used for key exchange inside VPN tunnel establishment as part of IPSec (IKE)
Susceptible to man-in-the-middle attacks unless the exchanged public values are authenticated (e.g. with certificates or digital signatures)
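
Worked example for card 98, added as an illustration rather than taken from the flashcards or any protocol implementation: a Diffie-Hellman exchange with both sides' computations, followed by the man-in-the-middle scenario the card warns about, in which Mallory runs one exchange with Alice and another with Bob and ends up holding both keys. The group (p = 2^127 - 1, a Mersenne prime, with g = 5) is an assumed toy group chosen so the numbers are readable; real deployments use the standardized 2048-bit or larger groups from RFC 3526 / RFC 7919 or ECDH, and authenticate the public values.

```python
import hashlib
import secrets

# Assumed demonstration group only (small enough to read); not a standardized DH group.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Private exponent a and public value A = g^a mod p; only the public value is sent."""
    priv = secrets.randbelow(P - 2) + 1          # 1 <= priv <= p - 2
    return priv, pow(G, priv, P)


def dh_shared_secret(my_priv: int, their_pub: int) -> int:
    """Both sides compute the same g^(ab) mod p without ever sending a or b."""
    return pow(their_pub, my_priv, P)


def derive_key(shared_secret: int) -> bytes:
    """Never use the raw DH output as a key; run it through a KDF (bare SHA-256 stands in here)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def honest_exchange():
    """Alice and Bob exchange public values directly; their derived keys match."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    alice_key = derive_key(dh_shared_secret(a_priv, b_pub))
    bob_key = derive_key(dh_shared_secret(b_priv, a_pub))
    return alice_key, bob_key


def mitm_exchange():
    """Mallory sits on the wire and substitutes her own public values in both directions.
    Neither victim notices: each still ends up with 'a' shared key, just not with each other."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m1_priv, m1_pub = dh_keypair()   # Mallory's key pair used toward Alice
    m2_priv, m2_pub = dh_keypair()   # Mallory's key pair used toward Bob
    alice_key = derive_key(dh_shared_secret(a_priv, m1_pub))      # Alice thinks m1_pub is Bob's
    bob_key = derive_key(dh_shared_secret(b_priv, m2_pub))        # Bob thinks m2_pub is Alice's
    mallory_with_alice = derive_key(dh_shared_secret(m1_priv, a_pub))
    mallory_with_bob = derive_key(dh_shared_secret(m2_priv, b_pub))
    return {"alice": alice_key, "bob": bob_key,
            "mallory_alice": mallory_with_alice, "mallory_bob": mallory_with_bob}


if __name__ == "__main__":
    ak, bk = honest_exchange()
    print("honest keys match:", ak == bk)
    r = mitm_exchange()
    print("Mallory can read Alice:", r["alice"] == r["mallory_alice"])
    print("Mallory can read Bob:", r["bob"] == r["mallory_bob"])
    print("Alice and Bob share a key:", r["alice"] == r["bob"])
```

Nothing in the arithmetic tells Alice whether the public value she received came from Bob or from Mallory; that binding has to come from outside DH, which is why IKE and TLS sign or certify the exchanged values.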

99
Q

RSA (1.4)

A

Created by Rivest, Shamir, and Adleman- Asymmetric algorithm that relies on the mathematical difficulty of factoring the product of two large prime numbers
Widely used for key exchange (key transport) and digital signatures
Commonly used with key sizes between 2048 bits and 4096 bits (1024-bit keys are no longer considered adequate)

100
Q

ECC (Encryption) (1.4)

A

Elliptic Curve Cryptography- Based on the algebraic structure of elliptic curves over finite fields to define its keys
A 256-bit ECC key gives security comparable to a 3072-bit RSA key (NIST SP 800-57); the often-quoted comparison to a 2048-bit RSA key slightly understates it
ECC and all of its variants are heavily used in mobile devices and low-power computing devices because they need far less power and processing for the same security level

101
Q

ECDH (1.4)

A

Elliptic Curve Diffie-Hellman- ECC version of the Diffie-Hellman key exchange protocol

102
Q

ECDHE (1.4)

A

Elliptic Curve Diffie-Hellman Ephemeral- Generates a fresh, temporary (ephemeral) key pair for every session inside the Diffie-Hellman key exchange, so that a later compromise of the server's long-term key cannot decrypt previously recorded traffic (forward secrecy)

103
Q

ECDSA (1.4)

A

Elliptic Curve Digital Signature Algorithm- Elliptic-curve variant of DSA, approved in the US Government's Digital Signature Standard (FIPS 186) for digital signatures; it signs and verifies, it does not encrypt

104
Q

MD5 (1.4)

A

Hashing algorithm- creates a 128-bit hash value from the input file
Formerly the most popular and widely used hash, but practical collision attacks exist (two different files with the same MD5), so it is considered broken and must not be used for security purposes

105
Q

SHA (1.4)

A

Secure Hash Algorithm- family of algorithms standardized by NIST that replaced MD5
Each version performs a different number of rounds of mathematical computations to create the hash digest

106
Q

SHA-1 (1.4)

A

Secure Hash Algorithm- creates a 160-bit hash digest; practical collisions were demonstrated in 2017, so it is deprecated for digital signatures and certificates

107
Q

SHA-2 (1.4)

A

Secure Hash Algorithm
uses 64 rounds (SHA-224/256) or 80 rounds (SHA-384/512) of computations to create the digest
SHA-224: creates 224-bit hash digest
SHA-256: creates 256-bit hash digest
SHA-384: creates 384-bit hash digest
SHA-512: creates 512-bit hash digest

108
Q

SHA-3 (1.4)

A

Secure Hash Algorithm
Same output sizes as SHA-2 (224 to 512 bits) but a completely different internal design (the Keccak sponge construction, selected by public competition), so that an attack on SHA-2 would not carry over to SHA-3

109
Q

RIPEMD (1.4)

A

RACE Integrity Primitives Evaluation Message Digest
Comes in 128-bit, 160-bit, 256-bit, and 320-bit versions
160-bit version is most common (RIPEMD-160)
Competitor to SHA but not as popular

110
Q

HMAC (1.4)

A

Hash-based Message Authentication Code
Combines a hash function with a shared secret key to check the integrity of a message and provide assurance of its authenticity (only someone holding the key could have produced the tag)
Paired with an underlying hash algorithm (HMAC-MD5, HMAC-SHA256)
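
Worked example for card 110, added as an illustration and not from the flashcards or any vendor's SDK: an HMAC-SHA256 tag over a webhook-style request, with the timestamp folded into the signed data so that a captured request cannot simply be replayed later, and a constant-time comparison on the receiving side. The shared key, payload, and 300-second tolerance are constructed values.

```python
import hashlib
import hmac


def make_tag(key: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over 'timestamp.body'; binding the timestamp lets the receiver reject replays."""
    signed = f"{timestamp}.".encode() + body
    return hmac.new(key, signed, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, timestamp: int, body: bytes, tag: str, now: int, tolerance: int = 300) -> bool:
    """Recompute the tag and compare in constant time; a stale timestamp fails even with a correct tag."""
    if abs(now - timestamp) > tolerance:
        return False
    expected = make_tag(key, timestamp, body)
    return hmac.compare_digest(expected, tag)


# Constructed example: a shared secret and a payload (not real data).
SHARED_KEY = b"shared-secret-known-to-both-sides"
PAYLOAD = b'{"event":"payout","amount":100,"to":"bob"}'


def demo(now: int = 1_700_000_000) -> dict:
    """Exercises the four cases a receiver has to get right."""
    t = now
    tag = make_tag(SHARED_KEY, t, PAYLOAD)
    return {
        "valid": verify_tag(SHARED_KEY, t, PAYLOAD, tag, now),
        "tampered": verify_tag(SHARED_KEY, t, PAYLOAD.replace(b"bob", b"eve"), tag, now),
        "wrong_key": verify_tag(b"attacker-guess", t, PAYLOAD, tag, now),
        "replayed_later": verify_tag(SHARED_KEY, t, PAYLOAD, tag, now + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

Unlike a plain hash (card 9), the tag cannot be recomputed by someone who intercepts the message, because they lack the key; and unlike a digital signature (card 21) it does not give non-repudiation, since both sender and receiver hold the same key.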

111
Q

DSS (1.4)

A

Digital Signature Standard (FIPS 186)- Specifies the Digital Signature Algorithm (DSA), which signs a message digest (originally a 160-bit SHA-1 digest; SHA-2 in current versions), and also approves RSA and ECDSA signatures. Used by the federal government for digital signing (commercial entities mostly use RSA because it verifies faster and can be used for digital signatures, encryption, and key distribution)

112
Q

Pass the Hash Attack (1.4)

A

Hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user's password instead of requiring the associated plaintext password

113
Q

Mimikatz (1.4)

A

Post-exploitation tool that automates harvesting password hashes (and other credentials) from Windows memory and conducting pass-the-hash attacks with them

114
Q

Birthday Attack (1.4)

A

Occurs when an attacker is able to find two different messages that produce the same hash digest, referred to as a collision; named after the birthday paradox, because for an n-bit digest a collision is expected after only about 2^(n/2) attempts rather than 2^n
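
Worked example for card 114, added as an illustration and not part of the flashcards: finding a real collision on a deliberately shortened hash (the top 32 bits of SHA-256, an assumed stand-in for a weak digest) in roughly 2^16 tries, against the 2^32 a preimage search would need. Truncating SHA-256 is just how the experiment is made fast enough to run; the full 256-bit digest would take about 2^128 attempts.

```python
import hashlib
import itertools
import math


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash (assumed for the experiment)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def expected_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs before a collision is likely."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.
    Returns (first message, second message, number of attempts)."""
    seen = {}
    for i in itertools.count():
        msg = prefix + str(i).encode()
        t = truncated_digest(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg


if __name__ == "__main__":
    m1, m2, attempts = find_collision(32)
    print(f"{m1!r} and {m2!r} collide on 32 bits after {attempts} attempts "
          f"(expected about {expected_attempts(32):.0f}; a preimage would need about {2**32})")
```

This is why digest length matters twice as much as intuition suggests: a hash that is "only" 128 bits (card 104) offers at most 64 bits of collision resistance, which is within reach of a determined attacker even without the structural weaknesses MD5 has.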

115
Q

Key Stretching (1.4)

A

Technique that is used to mitigate a weak password or key by increasing the time needed to crack it; the password is hashed many thousands of times in a row (e.g. PBKDF2, bcrypt, scrypt) so every guess costs the attacker the same work

116
Q

Salting (1.4)

A

Adding random data (a salt, unique per password) to the input of a one-way cryptographic hash so that identical passwords produce different hashes, which defeats precomputed tables and forces the attacker to crack each hash separately

117
Q

Dictionary Attack (1.4)

A

When an attacker tries every word from a predefined list

118
Q

Brute-Force Attack (1.4)

A

When an attacker tries every possible password combination

119
Q

Rainbow Tables (1.4)

A

Precomputed tables (stored as compressed hash chains) for reversing cryptographic hashes of common passwords; only work against unsalted hashes
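
Worked example for cards 115 through 119 (key stretching, salting, dictionary and brute-force attacks, rainbow tables), added as an illustration and not from the flashcards: an unsalted SHA-256 password hash falls to a precomputed lookup table (the simplest form of what a rainbow table does) with zero hashing at attack time, while a salted PBKDF2 hash has to be attacked one guess at a time at full cost. The wordlist, passwords, and stored-hash format are constructed for the demonstration; 600,000 PBKDF2-HMAC-SHA256 iterations is the current OWASP recommendation.

```python
import hashlib
import hmac
import secrets

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = [b"password", b"123456", b"letmein", b"qwerty", b"Summer2024", b"hunter2"]


def unsalted_hash(password: bytes) -> str:
    return hashlib.sha256(password).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precomputed digest -> password map: the idea behind a rainbow table, minus chain compression."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_unsalted(stored_hash: str, table: dict):
    """One dictionary lookup; no hashing happens at attack time."""
    return table.get(stored_hash)


def hash_password(password: bytes, iterations: int = 600_000, salt: bytes = None) -> str:
    """Salt + key stretching with PBKDF2-HMAC-SHA256; stored as algo$iterations$salt$hash."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: bytes, stored: str) -> bool:
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def dictionary_attack(stored: str, wordlist):
    """Against a salted, stretched hash every guess costs a full PBKDF2 run for that one salt,
    and nothing computed here helps against any other user's hash."""
    for word in wordlist:
        if verify_password(word, stored):
            return word
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted:", crack_unsalted(unsalted_hash(b"hunter2"), table))     # instant
    stored = hash_password(b"hunter2", iterations=10_000)
    print("salted, in table?", crack_unsalted(stored.split("$")[3], table))   # None
    print("salted, dictionary:", dictionary_attack(stored, WORDLIST))        # still found, but paid for
```

Salting and stretching do not rescue a password that is on the wordlist; they remove the attacker's ability to precompute and make each guess expensive, so the defence only pays off together with a password policy (card 39) that keeps the password out of the wordlist in the first place.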

120
Q

Nonce (1.4)

A

Stands for "number used once"; a unique, often random number that is added to a password-based authentication process or encryption operation so that each exchange is different and a captured message cannot simply be replayed

121
Q

PKI (1.4)

A

Public Key Infrastructure- System that creates the asymmetric key pairs (the public and private keys used in the encryption and decryption process) and manages those digital keys and the certificates that bind them to identities

122
Q

Public Key Cryptography (1.4)

A

This encryption and decryption process is just one small part of the overall PKI architecture

123
Q

Certificate Authority (1.4)

A

Issues digital certificates and maintains the chain of trust (root and intermediate certificates, revocation information) that lets certificates be validated by clients around the world

124
Q

Key Escrow (1.4)

A

Process where cryptographic keys are stored in a secure, third-party location, which is effectively an “escrow”

125
Q

Public Key Encryption (1.4)

A

Refers to asymmetric encryption and decryption

126
Q

Digital Certificate (1.4)

A

Digitally signed electronic document that binds a public key with a users identity

127
Q

Wildcard Certificate (1.4)

A

Certificate issued for a name such as *.example.com that allows all of the subdomains at that level to use the same public key certificate and have it displayed as valid (covers www.example.com and mail.example.com, but not a deeper level such as a.b.example.com)

128
Q

SAN Field (1.4)

A

Subject Alternative Name- Certificate extension that lists the additional host names (and IP addresses) the certificate is valid for; used when one certificate needs to cover websites on different domains; modern browsers validate against the SAN list rather than the Common Name

129
Q

Single-Sided Certificate (1.4)

A

Only requires the server to be validated

130
Q

Dual-Sided Certificate (1.4)

A

Requires both the server and the user to be validated

131
Q

Self-Signed Certificate (1.4)

A

Digital certificate that is signed by the same entity whose identity it certifies

132
Q

Third-Party Certificate (1.4)

A

Digital certificate issued and signed by a trusted certificate authority (CA)

133
Q

CA (1.4)

A

Certificate Authority; Trusted third party who is going to issue these digital certificates (Verisign, Digisign, Amazon, Google, CloudFlare)

134
Q

Root of Trust (1.4)

A

Hierarchical tree where the top (root) is checked to vouch for the lower parts (intermediate CAs and end-entity certificates); the root is usually a third-party CA; each certificate is validated using the concept of a root of trust or the chain of trust

135
Q

RA (1.4)

A

Registration Authority; Requests identifying information from the user and forwards that certificate request up to the certificate authority to create the digital certificate

136
Q

CSR (1.4)

A

Certificate Signing Request; A block of encoded text that contains the requester's public key and identifying information about the entity requesting the certificate (the private key never leaves the requester)

137
Q

CRL (1.4)

A

Certificate Revocation List; A signed list published by the certificate authority of the serial numbers of certificates it has revoked before their expiry date; clients download it to check a certificate's status

138
Q

OCSP (1.4)

A

Online Certificate Status Protocol; Lets a client query the CA's OCSP responder for the revocation status of a single digital certificate using its serial number, instead of downloading the whole CRL

139
Q

OCSP Stapling (1.4)

A

Online Certificate Status Protocol Stapling; The server holding the certificate fetches a signed OCSP response from the CA at regular intervals and "staples" it to the certificate during the SSL/TLS handshake, so the client gets fresh revocation status without contacting the CA's OCSP responder itself (faster, and the client's browsing is not revealed to the CA)

140
Q

Public Key Pinning (1.4)

A

Allows an HTTPS website to tell clients which public keys (or CA keys) to accept for it, so that a fraudulent certificate presented by an attacker is rejected even if it chains to a trusted CA; the browser mechanism for this (HPKP) has been deprecated in favor of Certificate Transparency, but pinning is still common inside mobile apps

141
Q

Key Recovery Agent (1.4)

A

Specialized type of software that allows the restoration of a lost or corrupted key to be performed

142
Q

Blockchain (1.4)

A

A shared, immutable, ledger for recording transactions, tracking assets, and building trust
Each block contains a hash value for the prior block

143
Q

Public Ledger (1.4)

A

A record-keeping system that maintains participants' identities in a secure and anonymous format

144
Q

Smart Contracts (1.4)

A

Self-Executing contracts where the terms of agreement or conditions are written directly into lines of code

145
Q

Permissioned Blockchain (1.4)

A

Used for business transactions; only authorized participants can join and write to it, and it promotes new levels of trust and transparency between those participants through an immutable shared ledger

146
Q

TPM (1.4)

A

Trusted Platform Module; Dedicated microcontroller (on the motherboard or built into the CPU) designed to secure hardware through integrated cryptographic keys (e.g. protecting BitLocker keys and measuring the boot process)

147
Q

HSM (1.4)

A

Hardware Security Module; Physical device that safeguards and manages digital keys, primarily used for mission-critical situations like financial transactions

148
Q

KMS (1.4)

A

Key Management System; Integrated approach for generating, distributing, and managing cryptographic keys for devices and applications

149
Q

Secure Enclave (1.4)

A

Co-processor integrated into the main processor of some devices, designed with the sole purpose of ensuring data protection

150
Q

Steganography (1.4)

A

Derived from the Greek words meaning “covered writing,” and it is all about concealing a message within another so that the very existence of the message is hidden

151
Q

Tokenization (1.4)

A

Transformative technique in data protection that involves substituting sensitive data elements with non-sensitive equivalents, called tokens, which have no meaningful value

152
Q

Data Masking (1.4)

A

Used to protect data by ensuring that it remains recognizable but does not actually include sensitive information

153
Q

Change Management (1.3)

A

An organization's orchestrated strategy to transition from its existing state to a more desirable one

154
Q

CAB (Change Management) (1.3)

A

Change Advisory Board- Body of representatives from various parts of an organization that is responsible for evaluation of any proposed changes

155
Q

Change Owner (1.3)

A

An individual or a team that initiates the change request

156
Q

Stakeholder (1.3)

A

A person who has a vested interest in the proposed change

157
Q

Impact Analysis (1.3)

A

An integral part of the change management process that involves understanding a change's potential fallout
-What could go wrong?
-What would be the immediate effects?
-How would long-term operations be impacted?
-Are there unforeseen challenges that might cause an issue?

158
Q

Change Management Process (1.3)

A

Preparation
Vision for Change
Implementation
Verification
Documentation

159
Q

Preparation (Change Management) (1.3)

A

Involves assessing the current state and recognizing the need for transition

160
Q

Vision for Change (Change Management) (1.3)

A

A clear, compelling description of the desired future state that is guiding the transformation process within an organization
-Define future state
-Explain reasons for change
-Ensure vivid vision

161
Q

Implementation (Change Management) (1.3)

A

Put the plan into action
-Training
-Restructuring teams
-Introducing new technologies
-Continuous communication

162
Q

Verification (Change Management) (1.3)

A

Measuring the change's effectiveness by comparing it to the initial objectives
-Surveys
-Performance metrics analysis
-Stakeholder interviews

163
Q

Documentation (Change Management) (1.3)

A

Creating a thorough record of the entire change process
-Reflect on past initiatives
-Understand decisions
-Improve practices

164
Q

Areas of Consideration (Change Management Process) (1.3)

A

1. Use of scheduled maintenance windows
2. Creation of a backout plan
3. Testing of results
4. Use of Standard Operating Procedures (SOPs)

165
Q

Backout Plan (1.3)

A

Predetermined strategy for restoring systems to their initial state in case a change does not go as expected

166
Q

SOP (1.3)

A

Standard Operating Procedure- A step-by-step instruction that guides the carrying out of a specific task to maintain consistency and efficiency

167
Q

Technical Implications of Change (1.3)

A

Allow / Deny lists
Restricted Activities- Knowing the restrictions prior to implementing the change will prevent data breaches and operational problems (e.g. before updating a server, know whether or not it is too sensitive to take offline)
Downtime
Service / Applications Restart
Legacy Applications
Dependencies

168
Q

Documenting Changes (1.3)

A

Version Control
Proper Documentation
Maintenance of various associated records

169
Q

Version Control (1.3)

A

Tracks and manages changes in documents and software, enabling collaborative work and reverting to prior versions when needed

170
Q

Proper Documentation (1.3)

A

Document and record every change
Update diagrams
Revise policies
Update change requests
Maintain associated trouble tickets