Sybex - Chapter 1 Flashcards

1
Q

Three Common Types of Security Evaluation

A

Risk Assessment, Vulnerability Assessment, Penetration Testing

2
Q

The process of identifying assets, threats, and vulnerabilities, then using that information to calculate risk.

A

Risk Assessment

3
Q

Using automated tools to locate known security weaknesses, which can be addressed by adding in more defenses or adjusting the existing protections.

A

Vulnerability Assessment

4
Q

Using trusted individuals to stress-test the security infrastructure to find issues that may not be discovered by the prior two means, with the goal of finding those concerns before an adversary takes advantage of them.

A

Penetration Testing

5
Q

The concept of measures used to ensure the protection of the secrecy of data, objects, and resources. The goal is to prevent or minimize unauthorized access to data.

A

Confidentiality

6
Q

Countermeasures for this can include: Encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.

A

Confidentiality

7
Q

The following concepts belong to what part of the CIA Triad?

Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation

A

Confidentiality

8
Q

The concept of protecting the reliability and correctness of data. This prevents unauthorized alterations of data and provides a means for authorized changes while protecting against intended and malicious unauthorized activities (such as viruses and intrusions) as well as mistakes made by authorized users.

A

Integrity

9
Q

The following concepts belong to what part of the CIA Triad?

Preventing unauthorized subjects from making modifications, preventing authorized subjects from making unauthorized modifications such as mistakes, and maintaining the internal and external consistency of objects so data is a correct and true reflection of the real world.

A

Integrity

10
Q

Countermeasures for this can include: strict access control, authentication procedures, intrusion detection systems, hash verifications, object/data encryption, interface restrictions, input checks, etc.

A

Integrity

11
Q

The following concepts belong to what part of the CIA Triad?

Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness

A

Integrity

12
Q

This concept means authorized subjects are granted timely and uninterrupted access to objects.

A

Availability

13
Q

The following concepts belong to what part of the CIA Triad?

Usability, Accessibility, Timeliness

A

Availability

14
Q

What does the DAD Triad (the opposite of the CIA Triad) stand for?

A

Disclosure - When sensitive or confidential material is accessed by unauthorized entities. Violation of Confidentiality.

Alteration - When data is maliciously or accidentally changed. Violation of integrity.

Destruction - When a resource is damaged or made inaccessible to authorized users. Violation of Availability. Also known as DoS (Denial of Service).

15
Q

Security concept that data is genuine and originates from its alleged source with high confidence.

A

Authenticity

16
Q

Ensures that the subject of an activity or who caused an event cannot deny the event occurred. This prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.

A

Nonrepudiation

17
Q

What are the five elements of AAA services (which leads to nonrepudiation)?

A

Identification - Claiming to be an identity when attempting to access an area or system.

Authentication - Proving you are the claimed identity.

Authorization - Defining the permissions of resource or object access for a specific identity.

Auditing - Recording a log of events or actions related to a system or subject.

Accounting (aka Accountability) - Reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.

18
Q

What is it called when you layer security controls in a series for better protection?

A

Defense in Depth (also layering)

19
Q

When similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective, what is this called?

A

Abstraction

20
Q

Preventing data from being uncovered or discovered by a subject by positioning the data in logical storage compartments not accessible or seen by the subject.

A

Data Hiding