Chapter 1. Security Basics Flashcards Preview

Flashcards in Chapter 1. Security Basics Deck (32):
1

The Security Triad:

1.

2.

3.

The Security Triad:

1. Confidentiality

2. Integrity

3. Availability

2

_____ protects against unauthorized disclosure of data.

Confidentiality protects against unauthorized disclosure of data.

3

Name three methods used to ensure confidentiality:

1.

2.

3.

 

Name three methods used to ensure confidentiality:

1. Encryption

2. Access controls

3. Steganography

4

What is considered the best way to ensure confidentiality?

What is considered the best way to ensure confidentiality?

A: Encryption

5

What 3 elements provide access controls?

1.

2.

3.

What 3 elements provide access controls?

1. Identification

2. Authentication

3. Authorization

6

An individual claims an identity with a username. What element of an access control does this represent?

An individual claims an identity with a username. What element of an access control does this represent?

 

A: Identification

7

An individual proves an identity with a password or PIN. What element of an access control does this represent?

An individual proves an identity with a password or PIN. What element of an access control does this represent?

 

A: Authentication

8

_____ ensures data is only viewable by authorized users. The best method to ensure this is _____. Access controls help protect _____ by restricting access.

Confidentiality ensures data is only viewable by authorized users. The best method to ensure this is encryption. Access controls help protect confidentiality by restricting access.

9

Assurance that data has not changed, including assurance that no one has modified, tampered with, or corrupted data.

Assurance that data has not changed, including assurance that no one has modified, tampered with, or corrupted data.

A: Integrity

10

List 3 factors that can adversely affect Integrity:

1.

2.

3.

List 3 factors that can adversely affect Integrity:

1. Unauthorized use

2. Malicious Software

3. System/Human Error

11

List two methods used to ensure or protect data integrity:

1.

2.

List two methods used to ensure or protect data integrity:

1. Hashing

2. Digital Certificates

12

Hashing uses _____ to verify integrity. As long as the data remains unchanged, the hash _____ remains unchanged.

Hashing uses algorithms to verify integrity. As long as the data remains unchanged, the hash result remains unchanged.

13

Assuming that a returned hash against some data returns an unexpected result, should the data be trusted as valid?

Assuming that a returned hash against some data returns an unexpected result, should the data be trusted as valid?

A: No. If the hash has changed, it is implicit that the data can no longer be trusted as valid.

14

In addition to _____, digital signatures also provide _____ (when used in conjunction with audit logs) and _____.

In addition to integrity, digital signatures also provide non-repudiation (when used in conjunction with audit logs) and authentication.

15

Use of digital signatures requires the following 2 elements:

1.

2.

Use of digital signatures requires the following 2 elements:

1. Certificates

2. PKI (public key infrastructure)

16

_____ indicates that data or services are usable immediately whenever needed.

Availability indicates that data or services are usable immediately whenever needed.

17

List 2 methods used to ensure availability:

1.

2.

 

List 2 methods used to ensure availability:

1. Implementing redundancies

2. Patching

18

Patching ensures availability by mitigating _____ and security _____.

Patching ensures availability by mitigating bugs and security vulnerabilities.

19

The practice of implementing multiple layers of protection is known as _____.

The practice of implementing multiple layers of protection is known as layered security or defense in depth.

20

The possibility of a threat exploiting a vulnerability, resulting in a loss.

The possibility of a threat exploiting a vulnerability, resulting in a loss.

 

A: Risk

21

A circumstance or event that has potential to compromise confidentiality, integrity, or availability.

A circumstance or event that has potential to compromise confidentiality, integrity, or availability.

 

A: Threat

22

A weakness in hardware or software, including configuration.

A weakness in hardware or software, including configuration.

 

A: Vulnerability

23

Threats may come from:

 

A: Inside an organization

B: Outside an organization

C: Both inside and outside of an organization

Threats may come from:

 

A: Inside an organization

B: Outside an organization

C: Both inside and outside of an organization

24

List 4 examples of possible threats:

1.

2.

3.

4.

List 4 examples of possible threats:

1. Disgruntled employee

2. Attacker

3. Malicious software

4. Natural disaster

25

The act of reducing the chance that a threat will exploit a vulnerability is known as _____. It is accomplished by _____.

The act of reducing the chance that a threat will exploit a vulnerability is known as risk mitigation. It is accomplished by implementing controls.

26

Implementing controls mitigates risk by:

1.

2.

Implementing controls mitigates risk by:

1. reducing vulnerabilities to threats

2. reducing the impact of a threat

27

Proving an identity with some type of credential is known as _____.

Proving an identity with some type of credential is known as authentication.

28

Authentication is not limited to users. List other entities that may use, rely on, or need to be authenticated.

Authentication is not limited to users. List other entities that may use, rely on, or need to be authenticated.

 

1. Users

2. Services

3. Processes

4. Workstations/Servers

5. Network devices

29

List the 5 factors used for authentication:

1.

2.

3.

4.

5.

List the 5 factors used for authentication:

1. Something you know

2. Something you have

3. Something you are

4. Somewhere you are

5. Something you do

30

What is considered to be the weakest authentication factor?

What is considered to be the weakest authentication factor?

A: Something you know

31

Describe the something you know authentication factor:

Describe the something you know authentication factor:

1. shared secret (password, PIN)

2. weakest factor

32