Security Fundamentals Flashcards

1
Q

Data

A

This is a general term that relates to the information assets of a person, customer, or organization. In a computer system, the files are the data.

2
Q

Three primary goals of information security.

A

Prevention, Detection, and Recovery

3
Q

Risk

A

A concept that indicates exposure to the chance of damage or loss.

4
Q

Potential threats to computer and network security include:

A
  • Unintentional or unauthorized access or changes to data.
  • The interruption of services.
  • The interruption of access to assets.
  • Damage to hardware.
  • Unauthorized access or damage to facilities.
5
Q

Vulnerability

A

Any condition that leaves a system open to harm.

6
Q

Vulnerabilities can come in a wide variety of forms, including:

A
  • Improperly configured or installed hardware or software.
  • Untested software and firmware patches.
  • Bugs in software or operating systems.
  • The misuse of software or communication protocols.
  • Poor physical security.
  • Insecure passwords.
  • Design flaws in software or operating systems.
  • Unchecked user input.
7
Q

Intrusions

A
  • Physical intrusions
  • Host-based intrusions
  • Network-based intrusions
8
Q

Attacks on computer systems and network security include:

A
  • Physical security attacks.
  • Network-based attacks, including attacks on wireless networks.
  • Software-based attacks.
  • Social engineering attacks.
  • Web application-based attacks.
9
Q

Controls are broadly classified as

A

prevention, detection, and correction controls.

10
Q

Prevention controls

A

These help to prevent a threat or attack from exposing a vulnerability in the computer system.

11
Q

Detection controls

A

These help to discover whether a threat or vulnerability has entered the computer system.

12
Q

Correction controls

A

These help to mitigate the consequences of a threat or attack so that it does not adversely affect the computer systems.

13
Q

The Security Management Process

A
  • Identify security controls
  • Implement security controls
  • Monitor security controls
14
Q

CIA Triad

A
  • Confidentiality - Keeping information and communication private and protecting them from unauthorized access.
  • Integrity - Keeping organizational information accurate, free of errors, and without unauthorized modification.
  • Availability - Ensuring that systems operate continuously and that authorized persons can access the data that they need.
15
Q

Non-repudiation

A

The goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data. Non-repudiation is one way to determine accountability.

16
Q

Identification

A

A method that ensures that an entity requesting access to resources by using a certain set of credentials is the true owner of the credentials.

17
Q

Authentication

A

Is the method of validating a particular entity or individual’s unique credentials.

18
Q

Authentication Factors

A
Something you are
Something you have
Something you know
Somewhere you are or are not
Something you do
19
Q

Authorization

A

The process of determining what rights and privileges a particular entity has.

20
Q

Access control

A

The process of determining and assigning privileges to various resources, objects, or data.

21
Q

Access Control Models

A

Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control

22
Q

Mandatory Access Control (MAC)

A

In this model, access is controlled by comparing an object’s security designation and a user’s security clearance. Objects, such as files and other resources, are assigned security labels, depending on the object’s sensitivity.

23
Q

Discretionary Access Control (DAC)

A

In this model, access to each object is controlled on a customized basis, which is based on a user’s identity.

24
Q

Role-Based Access Control (RBAC)

A

In this model, users are assigned to predefined roles, and network objects are configured to allow access only to specific roles.

25
Q

Rule-Based Access Control

A

This is a non-discretionary technique that is based on a set of operational rules or restrictions.

26
Q

Accounting

A

The process of tracking and recording system activities and resource access.

27
Q

Auditing

A

Is the part of accounting in which a security professional examines logs of what was recorded.

28
Q

Implicit Deny

A

Dictates that everything that is not explicitly allowed is denied.

29
Q

Least Privilege

A

Dictates that users and software should only have the minimal level of access that is necessary for them to perform the duties required of them.

30
Q

Privilege Bracketing

A

Privileges are given out only when needed, then revoked as soon as the task is finished or the need has passed.

31
Q

Separation of Duty

A

States that no one person should have too much power or responsibility.

32
Q

Job Rotation

A

No one person stays in a vital job role for too long.

33
Q

Mandatory Vacation

A

Provides an opportunity to review employees’ activities.

34
Q

Time of Day Restrictions

A

Are controls that restrict the periods of time when users are allowed to access systems, which can be set using a group policy.

35
Q

Orphaned Accounts

A

Are user accounts that remain active even after the employees have left the organization.

36
Q

Privilege Management

A

The use of authentication and authorization mechanisms to provide centralized or decentralized administration of user and group access control.

37
Q

Single sign-on (SSO)

A

Can offer privilege management capabilities by providing users with one-time authentication for browsing resources such as multiple servers or sites.

38
Q

Privilege Management Infrastructure (PMI)

A

The purpose of a PMI is to issue specific permissions and rights to users within the infrastructure.

39
Q

Tokens

A

Are physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information.

40
Q

Smart cards

A

Are common examples of token-based authentication. A smart card is a plastic card containing an embedded computer chip that can store different types of electronic information.

41
Q

Biometrics

A

Are authentication schemes based on the identification of individuals by their physical characteristics.

42
Q

Geolocation

A

Provides an extra level of authentication.

43
Q

Keystroke Authentication

A

Is a type of authentication that relies on detailed information that describes exactly when a keyboard key is pressed and released as someone types information into a computer or other electronic device.

44
Q

Multi-factor Authentication

A

Is any authentication scheme that requires validation of two or more authentication factors.

45
Q

Mutual Authentication

A

Is a security mechanism that requires each party in a communication to verify the other’s identity.

46
Q

Cryptography

A

Is the science of hiding information.

47
Q

Encryption

A

Is a cryptographic technique that converts data from plaintext, or cleartext form, into coded or ciphertext form.

48
Q

Decryption

A

Is the companion technique that converts ciphertext back to cleartext.

49
Q

Quantum Cryptography

A

Is an experimental method of data encryption based upon quantum communication and computation.

50
Q

Qubit

A

Is a unit of data that is encrypted by entangling data with a photon or electron that has a particular spin cycle which can be read using a polarization filter that controls spin.

51
Q

Cipher

A

Is an algorithm used to encrypt or decrypt data.

52
Q

Deciphering

A

The reverse process of translating ciphertext to cleartext.

53
Q

Stream Cipher

A

A type of encryption that encrypts data one bit at a time.

54
Q

Block Cipher

A

This cipher encrypts data one block at a time, often in 64-bit blocks.

55
Q

Some common modes of block cipher encryption are:

A
Electronic Code Book (ECB) encryption
Cipher Block Chaining (CBC) Encryption
Propagating or plaintext Cipher Block Chaining (PCBC) Encryption
Cipher Feedback Mode (CFB) encryption
Output Feedback Mode (OFB) encryption
Counter Mode (CTR)
56
Q

Steganography

A

Is an alternative cipher process that hides information by enclosing it in another file such as a graphic, movie, or sound file.

57
Q

Encryption Key

A

Is a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

58
Q

Keys can be Static or Ephemeral

A

Static Keys are intended to be used for a relatively long time and for many instances within a key-establishment.

Ephemeral keys are generated for each individual communication segment or session.

59
Q

One-Time Pad

A

Is an encryption algorithm that was developed under the assumption that if a key was used only once, was completely random, and was kept totally secret, then it constituted the perfect method of encryption.

60
Q

Hashing Encryption

A

Is one-way encryption that transforms cleartext into ciphertext that is not intended to be decrypted.

61
Q

Hashing has several uses:

A
  • Hashing is used in a number of password authentication schemes. Encrypted password data is called a hash of the password.
  • A hash value can be embedded in an electronic message to support data integrity and non-repudiation.
  • A hash of a file can be used to verify the integrity of that file after transfer.
62
Q

Message Digest 5 (MD5)

A

This algorithm produces a 128-bit message digest.

63
Q

Secure Hash Algorithm (SHA)

A

This algorithm is modeled after MD5 and is considered the stronger of the two.

SHA-160 produces a 160-bit hash value; SHA-256, SHA-384, and SHA-512 produce 256-bit, 384-bit, and 512-bit digests, respectively.

64
Q

NT LAN Manager (NTLM)

A

NTLMv1 is an authentication protocol that Microsoft released for use in its products in early versions of Windows NT. NTLMv2 followed in later versions of Windows NT.