Chapter 1 Flashcards
What is a use case?
Describes a goal that an organization wants to achieve. A use case can include actors, precondition, trigger, postcondition, normal flow, and alternate flow.
What is encryption?
Scrambles data to make it unreadable by unauthorized personnel.
What is access control?
Identification, authentication, and authorization combined to ensure only authorized personnel can access data.
What is steganography?
It obscures the data and can be used in a use case to support obfuscation. It attempts to make something unclear or difficult to understand.
What is a digital signature?
Provides authentication and non-repudiation.
What are disk redundancies?
Allow a system to continue to operate even if a disk fails.
What are server redundancies?
Failover clusters include redundant servers and ensure a service will continue to operate, even if a server fails.
What is load balancing?
Uses multiple servers to support a single service and increase availability of web sites and web-based applications.
What are site redundancies?
If a site can no longer function due to a disaster, the organization can move critical systems to an alternate site.
What are backups?
Restore data if necessary.
What are the types of security control classification?
Technical, administrative, or physical.
What is the purpose of a technical control?
It reduces vulnerability by using encryption, antivirus software, intrusion detection systems, firewalls, and least privilege.
What are administrative controls?
Use methods mandated by organizational policies or other guidelines. Some methods include risk assessments, vulnerability assessments, and penetration tests.
What is the difference between vulnerability assessments and penetration tests?
A vulnerability assessment attempts to discover current vulnerabilities or weaknesses, while a penetration test attempts to exploit vulnerabilities.
What is change management?
Helps ensure changes don’t result in unintended configuration errors.