D430 Flashcards

Question

AES | How many cyphers does it use? endorse by through?

Answer 1

A set of symmetrical block ciphers endorsed by the us government through NIST . Is used by a variety of organizations. It is the replacement for DES as the standard encryption for us government . Uses 3 different ciphers one a 128 bit key one 192-bit key and one 256- bit key

Answer 2

A substitution cipher that shifts characters a certain number of positions in the alphabet usually 3 .

Answer 3

A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces.

Answer 4

A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use. It naturally creates network segmentation when installed

Answer 5

A system used to analyze the activities on or directed at the network interface of a particular host

Answer 6

A tool used to test the security of firewalls and map network topology. - constructs specially crafted ICMP packets to evade measures to hide devices behind firewall - scripting functionality to test firewall/IDS

Answer 7

An authorization attack is a cybersecurity threat that exploits vulnerabilities in the application's authorization processes. This type of attack occurs when an application's authorization mechanisms are not properly implemented or adhere to best practices, allowing attackers to gain unauthorized access to system functions, data, or resources they should not have access to.

Answer 8

A type of attack that is more common in systems that use ACLs rather than capabilities; when software has greater permissions than user, the user can trick the software into misusing authority

Answer 9

Elliptic Curve Cryptography (ECC) is a method for encrypting data and securing digital communications using the mathematics of elliptic curves. It offers high security with smaller key sizes compared to traditional systems like RSA, making it efficient for use in environments with limited resources.

Answer 10

A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions

Answer 11

A widely used packet analyzer, network protocol analyzer, used for network troubleshooting, analysis, software and protocol development, and education.

Answer 12

A Windows tool used to detect wireless access points. Does not have as full feature set as kismet

Answer 13

Network Access Control Lists (ACLs) are a security measure used within a network to control the flow of traffic. Access controlled by the identifiers we use for network transactions such as ip address, MAC address and ports

Answer 14

aka Chinese Wall; Access control model designed to prevent conflicts of interest. Commonly used in industries such as financial

Answer 15

Allowing only those authorized to access the data requested

Answer 16

Allowing us to access the contents of a file or directory

Answer 17

Allows us to talk about the proper attribution as to the owner or creator of the data in question

Answer 18

also calles UI redress attack; typically uses an inline frame, or iframe. In a clickjacking attack, an attacker wraps a trusted page in an iframe that places transparent image over legitimate links, graphics or form fields. Causes client to execute a command differing from what they think they are performing

Answer 19

Also known as private key. Utilizes a single key for both encryption of plain text and decryption of the cipher text

Answer 20

an access control model in which the subject has total control over any object that the subject owns along with the programs that are associated with those objects

Answer 21

An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization

Answer 22

An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.

Answer 23

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

Answer 24

An attack that tricks users into clicking something other than what they think they're clicking.

Answer 25

cross-site request forgery (XSRF) An attack that uses the user's Web browser settings to impersonate the user.

Answer 26

An authentication method that includes multiple methods for a single authentication transaction. Often referred to as "something you have and something you know," when the factors include a device such as a smart card and a secret such as a password or PIN.

Answer 27

an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender

Answer 28

An encryption method that encrypts data as a stream of bits or bytes. One bit at a time.

Answer 29

An encryption method that encrypts data in fixed-side blocks. Block size is 64 bits .

Answer 30

Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average

Answer 31

Any device that communicate via a wireless network

Answer 32

Any event being man-made, natural or environmental that could damage the assets

Answer 33

Purpose: The Star Property is designed to maintain the confidentiality of information within the system. Function: It restricts the ability of a subject to write information to a higher security level than the subject's own level. This is known as "no write up." Objective: The primary aim is to prevent the flow of information from lower to higher security levels, ensuring that sensitive information is not inadvertently or maliciously leaked to levels that should not have access to it. | Simple Integrity Axiom (no write down, or "integrity property")

Answer 34

applications detect threats in the same way as an IDS either by matching against a signature or by detecting anomalous activities taking place.

Answer 35

Applications that generate OTP

Answer 36

Are capable of analyzing the actual content of the traffic that is flowing through them. Can resemble the contents of the traffic to look at what will be delivered to the application that it is destined for.

Answer 37

Multilevel Access Control (MAC) is a security mechanism that classifies users and data into different levels of security. It restricts access to information based on the clearance level of users and the classification of the information, ensuring that users can access only the data for which they have authorization, thereby enhancing data security. They are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI).

Answer 38

RAID (Redundant Array of Inexpensive Disks) is a technology used to protect against data loss due to hardware failures in individual disks. It involves configuring multiple disks in various setups to provide redundancy and improve data reliability. Additionally, data can be replicated from one machine to another over a network or backed up onto media such as DVDs or magnetic tapes for added security.

Answer 39

Attack by placing code in the form of scripting language into a webpage, other media that is interpreted by a client browser including adobe flash and types of video files. When another person views the webpage or media they execute the code automatically and the attack is carried out

Answer 40

Attacks allows unauthorized users to access our data, applications, or environments. Are primarily an attack against confidentiality

Answer 41

Attacks cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis. This attack affects availability but can also attack integrity

Answer 42

Attacks involve generating data, processes, communications, or other similar activities with a system. Attacks primarily affect integrity but can be considered an availability attack.

Answer 43

Attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack.

Answer 44

attacks that exploit vulnerabilities on the server.

Answer 45

Authentication factors that use physical features ( something that you are )

Answer 46

Breaking a network into pieces and putting various levels of security between those pieces. We can control the flow of traffic allowing or disallowing traffic

Answer 47

can detect, monitor, and sometimes tamper with the activities of an attacker. are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker.

Answer 48

Can serve as a choke point in order to allow us to filter traffic for attacks or undesirable content such as malware or traffic to Web sites hosting adult content.

Answer 49

Can take action based on what is happening in the environment. In response to an attack over the network an ips might refuse traffic from the source of the attack

Answer 50

check to see what ports are open Nmap Zenmap Masscan Netcat Advanced IP Scanner Angry IP Scanner

Answer 51

Chief method of protecting traffic is encryption. The encryption is used by 802.11 wireless devices. The most common wireless families are - wired equivalent privacy (wep) - Wi-Fi protected access ( wpa) - Wi-Fi protected access v2 (wpa2)

Answer 52

Children's Online Privacy Protection Act: a law that intends to keep children under the age of 13 protected from the collection of private information and safety risks online.

Answer 53

Command line packet sniffing tool . Runs on Linux and unx operating systems

Answer 54

Commonly used to detect wireless access points and can find them even when attempts have been made to make doing so difficult

Answer 55

Computer fraud and abuse act of 1986. A law to reduce the hacking and cracking of government or other sensitive institutions computer systems

Answer 56

Confidentiality, integrity, availability, possession/control, authenticity, utility

Answer 57

Conforming to a rule, policy or law

Answer 58

Controlling the Assault of Non-Solicited Pornography and Marketing Act; protects consumers against unwanted email solicitations

Answer 59

Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions

Answer 60

Controls are devices and software that protect assets. Think of firewalls, av, ids, and ips

Answer 61

Controls are physical items that protect assets. Think of locks, doors, guards and fences

Answer 62

Controls are the policies that organizations create for governance. Ex: email policies

Answer 63

Controls serve to detect and report undesirable events that are taking place (ex. Bulgar alarms)

Answer 64

Controls used to physically prevent unauthorized entities from breaching our physical security

Answer 65

Cross-Site Request Forgery is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website's trust of the browser rather than the other way around. The website thinks that the request came from the user's browser and was actually made by the user. However, the request was planted in the user's browser

Answer 66

Data is at ready when it is on a storage device of some kind and is not moving over a network, or a protocol

Answer 67

Demilitarized zone. Combo of network design feature and a protective device such as a firewall. Placing a server in the DMZ (Demilitarized Zone) means positioning it in a separate network segment that acts as a buffer zone between the public internet and the organization's internal network. The DMZ is exposed to the public internet, making it more accessible from the outside but also more vulnerable to attacks.

Answer 68

Depending on the type of physical media on which our data is stored, any number of adverse physical conditions may be problematic or harmful to their integrity. Such media are often sensitive to temperature, humidity, magnetic fields, electricity, impact, and more, with each type of media having its particular strong and weak points.

Answer 69

Describes the ease with which a system can be tricked by a falsified biometric identifier

Answer 70

Digitally signed electronic documents that bind a public key with a user identity.

Answer 71

discouraging criminal acts by threatening punishment

Answer 72

Easiest way we can protect our data

Answer 73

Electronic Freedom of Information Act. Requires agencies to provide the public with electronic access to any of their reading room records that have been created by them since November 1996

Answer 74

Ensuring that we have accurate records of who did what and when. Primarily focused on compliance with relevant laws and policies, and access to and from systems and sometimes physical security

Answer 75

Execute the contents of the file

Answer 76

Existed before the modern computer . Used to simplify the use of encryption and made more computer encryption possible.

Answer 77

Family Educational Rights and Privacy Act. Protects the privacy of students and parents

Answer 78

Federal Information Security Management Act provides a framework for ensuring the effectiveness of information security controls in government

Answer 79

First and most important part or risk management. Identifying and categorizing the assets we are protecting

Answer 80

Gramm-Leach-Bliley Act. Protects the customers of financial institutions, any company offering financial products or services

Answer 81

Hardest to protect. Data is in use when a user is accessing the data.

Answer 82

Health Information Technology for Economic and Clinical Health Act. Created to promote and expand the adoption of health information technology specifically the use of electronic health records.

Answer 83

Health Insurance Portability and Accountability Act. Purpose is to improve the efficiency and effectiveness of the health care system. Requires privacy protections for individuals health information

Answer 84

How useful the data is to us

Answer 85

If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues, depending on the particular environment and language being used. A good example of an input validation problem is the format string attack. Could be used to crash an application or cause the operating system to run a command and potentially compromise the system.

Answer 86

implements a combination of DAC and MAC and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions.

Answer 87

information about an individual that identifies, links, relates, or describes them.

Answer 88

Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested

Answer 89

Keeping data unaltered by accidental or malicious intent

Answer 90

Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.

Answer 91

Keyless cryptography. Do not use a key but instead create a unique and fixed length hash value based on the original message. (Like a fingerprint) a slight change to the message will change the hash

Answer 92

Layering of security controls is more effective and secure than relying on a single control

Answer 93

Let's us give a particular party or parties access to a given resource

Answer 94

Look at potential threats. any given asset may have thousand or millions of threats that could impact it, but only a small fraction of the threats will be relevant

Answer 95

Measures how easy it is to acquire a characteristic with which we can use later to authenticate a user

Answer 96

Network segmentation, firewalls, IDS/IPS , wireless secure protocols, VPNs, secure protocols, MDM, port scanners , packet sniffers, honeypots

Answer 97

Occur when we do not properly account for the size of the data input into our applications

Answer 98

Occurs when an attacker is able to execute or run commands on a victim computer

Answer 99

Often include some portion of the feature set we might find in a tool such as Nmap, are aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities.

Answer 100

Once we have discovered what risks to our critical information might be present, we would then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures.

Answer 101

Once we have identified the threats and vulnerabilities for a given asset we can access the overall risk

Answer 102

Once we have our critical assets we can identify the threats that might effect them

Answer 103

OTP passwords that expire after a time frame of after one time usage

Answer 104

Particularly with Web applications and pages, there are often sensitive files and directories that will cause security issues if they are exposed to general users. One area that might cause us trouble is the exposure of configuration files due to improper or inadequate permissions.

Answer 105

Payment Card Industry Data Security Standard. Security standards designed to ensure all companies that accept , process, or transmit credit card information maintains a secure environment(not a law)

Answer 106

Performs strictly as a monitoring and alert tool, only notifying us that an attack or undesirable activity is taking place

Answer 107

Physical devices that generate a one time password ( something you have )

Answer 108

Preforms strictly as a monitoring and alert toll. Only notifying us that an attack or undesirable activity is taking place

Answer 109

Primarily concerned with protecting the integrity of the data, even at the expense of confidentiality

Answer 110

Programs that store all of the users passwords with a master password

Answer 111

Provides us with the means to trace activists in our environment back to their source. Depends on identification, authentication, and access control being present so that we know who a given transaction is associated with, and what permissions were used to allow them to carry it out

Answer 112

Public key utilizes 2 keys. A public key and a private key. The public key is used to encrypt data sent from sender to receiver and is shared with everyone

Answer 113

Purpose is to deter and punish terroists acts in the United States and around the world

Answer 114

Putting measures in place to help ensure that a given type of threat is accounted for

Answer 115

RC4, ORXY, and SEAL A stream cipher is a method of encrypting data where the plaintext is combined with a pseudorandom cipher digit stream (keystream), one bit or byte at a time. Unlike block ciphers, which encrypt data in fixed-size blocks, stream ciphers work with continuous streams of data, making them suitable for environments where data arrives in an unpredictable manner or where it's impractical to implement block ciphers. Stream ciphers are known for their speed and simplicity in hardware or software implementations but require careful management of the keystream to maintain security.

Answer 116

Recover to a better state that we were prior to the incident or perhaps prior to when the issue started if we did not detect it immediately

Answer 117

Refers to a situation in which sufficient evidence exists to prevent an individual from denying that he or she has made a statement or taken action

Answer 118

Refers to allowing some access to out resource, but only up to a certain point

Answer 119

Refers to the physical disposition of the media on which the data is stored

Answer 120

Regulations mandated by law usually requiring regular audits and assessments

Answer 121

Regulations or standards usually not mandated by law, it is designed for specific industries (e.g. PCI DSS)

Answer 122

Rendering the data as inaccessible when it's no longer required

Answer 123

Response to when risk management practices have failed and have cause an inconvenience to a disastrous event

Answer 124

Safety of people is our first concern when we plan physical security

Answer 125

Sarbanes-Oxley Act. Regulates financial practices and governance corporations. Designed to protect investors and the general public by establishing requirements reporting and disclosure practices

Answer 126

Selective use of game design and game mechanics to drive employee engagement in non-gaming business scenarios.

Answer 127

Simply the opposite of granting access

Answer 128

SLL&TLS are used to protect info sent over the network and over internet. The operate in conjunction with other protocols like internet message access protocol (IMAP) , post office protocol (POP) for email

Answer 129

software that is intended to damage or disable computers and computer systems.

Answer 130

Stipulates that we should be able to find our chosen biometric characteristics in the majority of people we expect to enroll in the system

Answer 131

Structured Query Language (SQL) injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications. SQL is the language we use to communicate with many of the common databases on the market today.

Answer 132

Take advantage of weaknesses in the software loaded on our clients , or those attacks that use social engineering to trick us into going along with the attack

Answer 133

Takes access that was once allowed away from the user.

Answer 134

taking into account the assets cost

Answer 135

Taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm.

Answer 136

Targets and attempts to exploit the authentication process a web site uses to verify the identity of a user, service, or application.

Answer 137

techniques that trick a person into disclosing confidential information

Answer 138

Tests show how well a particular characteristic resists change over time and with advancing age

Answer 139

The ability to access data when needed

Answer 140

The act of proving who or what we claim to be (password)

Answer 141

The breaking and finding a weakness in the algorithm and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Answer 142

The core model of all information security. Confidential, integrity and availability

Answer 143

The half step between identity and authentication (showing two forms of Id)

Answer 144

the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.

Answer 145

The legal and ethical sources of protection for privacy in personal data.

Answer 146

The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it

Answer 147

Purpose: Ensures integrity. Principle: A subject at a certain security level cannot write data to a lower security level. This is known as "no write down." Objective: Prevents the corruption of data at lower integrity levels by ensuring that users can only write information at their own level of integrity or higher. This helps in maintaining the accuracy and trustworthiness of the data by preventing the insertion of false or misleading information from higher levels. | Bell-LaPadula Model

Answer 148

The likelihood that a threat will occur. There must be a threat and vulnerability

Answer 149

The lowest level of authorization allowed to a user to preform duties

Answer 150

The means by which we implement authorization and deny or allow access to parties based on what resources we have determined they should be allowed access to .

Answer 151

Mandatory Access Control (MAC) is a security model that restricts the ability of subjects (like users or processes) to access objects (like files or system resources) based on the policies defined by a central authority. Unlike Discretionary Access Control (DAC), where the access control policies are set by the object's owner, MAC policies are enforced by the operating system or security kernel, ensuring a higher level of control over access permissions.

Answer 152

the password cracker tries every possible combination of characters to guess the password

Answer 153

The preparation phase consists of all of the activities that we can preform in advance of the incident itself in order to better enable us to handle it

Answer 154

The primary method of securing data from exposure on network media is encryption, and we may choose to apply it in one of two main ways: by encrypting the data itself to protect it or by protecting the entire connection.

Answer 155

The process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction

Answer 156

The process where the session is authenticated on both ends and just one end . Prevents man in the middle attacks

Answer 157

The requirements that are set forth by laws and industry regulations. Example : HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government agencies

Answer 158

the state or condition of being free from being observed or disturbed by other people.

Answer 159

The study of deciphering secret messages. Cryptographic algorithms

Answer 160

The substitution of one letter for another in a consistent fashion

Answer 161

The use of a token that controls our access. A capability is a communicable, unforgeable token of authority which provides the holder with the right to access a specific object in certain ways.

Answer 162

The ways we protect assets. Physical, technical/ logical, and administrative

Answer 163

This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities. Unlike hardware firewalls, which are physical devices placed between a network and the gateway, software firewalls run on individual computers or servers to protect each device by filtering traffic and blocking unauthorized access from external threats.

Answer 164

Tools such as Nessus . They work by scanning the target systems to discover which ports are open on them and then interrogating each open port to find out exactly which service is listening on the port in question

Answer 165

Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.

Answer 166

Two fish, serpent, blowfish , cat5, IDEA

Answer 167

unnecessary files that aren't cleaned up when the application moves from development to production. Leaving extraneous files may be handing attackers materials they need to compromise the system.

Answer 168

Use of personal equipment brings cost savings to a corporation but can open up certain risks like data leakage, malware, intellectual property viruses

Answer 169

Use of several authentication techniques together, such as passwords and security tokens.

Answer 170

Uses a state table to keep track of the connection state and will only allow traffic through that is part of a new or already established connection. Unlike stateless firewalls, which only examine packet headers and enforce rules based on static criteria such as source and destination IP addresses, ports, and protocols, stateful firewalls keep track of the state of active connections and make decisions about packet flow based on the context of the traffic.

Answer 171

Virtual Private Network. Can provide us with a solution for sending sensitive traffic over unsecured networks. VPN connection is often referred to as a tunnel. Is encrypted connection between two points

Answer 172

Vulnerability and penetration testing

Answer 173

Vulnerabilities in protocol implementations frequently stem from pervasive software development oversights, including but not limited to buffer overflows. These issues arise when data exceeds the allocated storage capacity, potentially allowing attackers to execute arbitrary code or disrupt service operations.

Answer 174

We attempt to determine specifically what happened, why it happened, and what we can do to keep it from happening again.

Answer 175

We can look for ports and versions of service that are running, examine banners displayed by services for information. Examine the info our systems display over the network and similar tasks. Nmap Wireshark Metasploit Nessus Netcat OpenVAS Masscan

Answer 176

We conduct a test where we mimic as closely as possible the techniques an actual attacker would us

Answer 177

We will attempt to remove the effects of the issue from our environment

Answer 178

Weakness that a threat event or the threat can take advantage of. Threat. A threat is any potential cause of an unwanted impact to a system or organization. Risk refers to the potential for loss, damage, or any other negative occurrence that is caused by external or internal vulnerabilities. A vulnerability is a weakness in a system that can be exploited by a threat to gain unauthorized access or cause harm to the system.

Answer 179

What the user can access, modify, and delete

Answer 180

When a user synced passwords from different systems without a software application

Answer 181

When we give a user or process the opportunity to interact with our database without supplying a set of credentials.

Answer 182

When we seek to introduce records in legal settings, it is often much easier to do so and have them accepted when they are produced from a regulated and consistent tracking system.

Answer 183

Where the action begins to happen. We will detect the occurrence of an issue and decide whether or not it is actually an incident so that we can respond

Answer 184

Who or what we claim to be ( username)

Answer 185

Wireless Protected Access 2. Wireless network encryption system. Offers the strongest security

Answer 186

Works in a similar way to host antivirus systems

Answer 187

Write to a file or directory

Answer 188

While both phishing and pretexting aim to deceive and obtain confidential information, phishing typically occurs through electronic communication and relies on urgency, while pretexting involves creating a fabricated story to manipulate individuals in various contexts, including offline interactions.

Answer 189

Direction of Restriction: The Simple Security Property restricts read actions to prevent confidential information from moving to subjects with lower clearance, while the Simple Integrity Axiom restricts write actions to prevent the corruption or lowering of data integrity. Security Objective: The Simple Security Property focuses on confidentiality, ensuring that sensitive information is not disclosed improperly. In contrast, the Simple Integrity Axiom is concerned with integrity, ensuring that information remains accurate and uncorrupted.

D430 Flashcards

Fundamentals of Information Security - D430