Domain 1 (General Security Concepts) Flashcards

Practice Questions unofficial sources (160 cards)

1
CIA C
Confidentiality
2
CIA I
Integrity
3
CIA A
Availability
4
This protects information and systems from unauthorized access
Confidentiality definition
5
This protects information and systems from unauthorized modification
Integrity definition
6
____ attacks seek to undermine confidentiality
Disclosure
7
____ attacks seek to undermine integrity
Alteration
8
This ensures that information and systems are available for authorized users when needed
Availability definition
9
____ attacks seek to undermine availability
Denial
10
Steps of the access control process
Identification, authentication, authorization
11
When an individual makes a claim about their identity (this could be a true or false claim)
Identification definition
12
When an individual proves their identity to the satisfaction of the access control system
Authentication definition
13
These are procedures and mechanisms that an organization puts in place to manage security risks
Security Controls definition
14
When multiple controls are used for the same control objective
Defense in Depth definition
15
____ controls stop a security issue from occurring in the first place
Preventive
16
____ controls identify that a potential security issue has taken place
Detective
17
____ controls remediate security issues that have already occurred
Corrective
18
____ controls prevent an attacker from seeking to violate security policies
Deterrent
19
____ controls inform employees and others what they must do to achieve security objectives
Directive
20
____ controls fill a known gap in a security environment
Compensating
21
____ controls use technology to achieve security control objectives
Technical
22
____ controls use human-driven processes to manage technology in a secure manner
Operational
23
____ controls improve the security of the risk management process itself
Managerial
24
____ controls impact the physical world
Physical
25
Desired state of your information security program weighed against the security analysis of your current state
Gap analysis
26
Zero trust applies ___ ___ to network access
least privilege
27
Zero trust relies on strong
authentication and identity management practices, rather than things such as trusting IP addresses
28
ZTNA
zero trust network access
29
Where all of the network policy decisions are made
Control plane
30
Data plane
Where network policy decisions are enforced, and access is granted or not granted
31
ZTNA separates the networking world into two realms
Control plane and data plane
32
ZT adaptive identity
the environment provides support for multiple types of users whose roles and identities might evolve as the environment changes
33
ZT threat scope reduction
supports agility and complexity while keeping the environment as simple as possible to minimize security risks
34
ZT policy-driven access control
provides a flexible environment that realizes that access needs may change, and creates a technical environment that can support whatever policy decisions are made
35
ZT implicit trust zones
offer easily configured zones for data that must be protected, such as PII
36
SASE
Secure Access Service Edge
37
SDN
Software defined networking
38
CASBs
Cloud access security brokers
39
___ locks use physical keys
Preset
40
___ locks require the user to enter the correct combination
Cipher
41
____ locks use a physical characteristic of a person to permit access
Biometric
42
____ locks require that the user present a magnetic stripe or proximity access card
Card reader
43
Video surveillance systems act as both ___ and ___ controls
deterrent and detective
44
When two people must enter sensitive areas together
Two person integrity
45
When two people must jointly approve sensitive actions
Two person control
46
These are unused but monitored IP address spaces. Administrators set aside a portion of their normal IP address space with no legitimate system using it. If there is activity, it is suspicious and likely an attacker
Darknets
47
Fake records inserted into databases to detect malicious activity
Honeytoken
48
False stores of sensitive information, files specifically created to resemble sensitive data
Honeyfiles
49
Systems designed to attract and trap attackers; systems placed on a network with the purpose of intentionally attracting attackers
Honeypots
50
Large-scale deployments of honeypots
Honeynets
51
Altered DNS records to reroute botnet traffic, a deception technique
DNS Sinkhole
52
This plans, implements, and monitors changes to protect organizations from unforeseen consequences / a systematic approach of planning, implementing, and monitoring modifications to systems and processes
Change management
53
First step in change management
Changes should follow a well-defined approval process to ensure changes are carefully evaluated, authorized, and documented to reduce the risk of unauthorized modifications
54
2nd step change management
Every change should have an assigned owner; clearly defined ownership streamlines communication and maintains accountability
55
3rd step change management
identify and engage stakeholders
56
4th step change management
conduct an impact analysis
57
The use of mathematical algorithms to transform information into an encrypted form that is not readable by unauthorized individuals
Cryptography
58
This converts information from plaintext into ciphertext
Encryption
59
This converts ciphertext messages back into their plaintext form
Decryption
60
These serve as mathematical recipes; they are a set of mathematical instructions that you follow
Algorithms
61
Encryption algorithms have two inputs:
The plaintext message and an encryption key
62
Where the encryption and decryption use the same secret key
Symmetric encryption
63
Where encryption and decryption use different keys from the same pair
Asymmetric encryption
64
Formula for the number of keys needed for symmetric cryptography
n(n-1)/2, where n is the number of people who want to communicate
65
Public key and private key for each user describes __
Asymmetric encryption keys
66
Bob encrypts a message for Alice using her public key. She decrypts it using her private key. This is ___ encryption
Asymmetric
67
In asymmetric cryptography, the keys must be __
from the same pair
68
Five goals of cryptography
Confidentiality, integrity, authentication, obfuscation, non-repudiation
69
Data stored on a hard drive or other storage
Data at Rest
70
Data transmitted over a network connection
Data in transit
71
Data in memory being actively used by an application
Data in use
72
1st goal cryptography
Confidentiality
73
2nd goal cryptography
Integrity
74
3rd goal cryptography
authentication
75
Hiding sensitive data
Obfuscation
76
Non-repudiation is only possible with symmetric or asymmetric cryptography?
Asymmetric cryptography
77
Phrase meaning security of an algorithm depends upon the secrecy of the approach
Security through obscurity: security because nobody knows how it works
78
Phase 1 cryptography lifecycle
Initiation: the organization realizes they need a new cryptographic system and gathers the requirements for that system
79
Phase 2 cryptography lifecycle
Development and Acquisition: the organization finds an appropriate combination of hardware, software, and algorithms that meet objectives
80
Phase 3 cryptography lifecycle
Implementation and Assessment: configure and test the cryptographic system to confirm whether it meets security objectives
81
Phase 4 cryptography lifecycle
Operations and Maintenance: ensure the continued secure operation of the cryptographic system
82
Phase 5 cryptography lifecycle
Sunset: phase out the system and destroy/archive keying material
83
The process of transforming personally identifying information into a form where it is no longer possible to tie it to an individual person
Data Obfuscation
83
The process of removing obvious identifiers
Deidentification
84
When an attacker compares hash values with precomputed hashes
Rainbow Table Attack
85
Using random values to defeat the rainbow tables (hashing attack)
Salting
86
Replacing sensitive fields with a random, unique identifier, using a lookup table
Tokenization
87
The process of redacting sensitive information from a file by replacing the information with blank values
Masking
88
DES
Data Encryption Standard
89
Uses an encryption operation called the Feistel function for 16 rounds of encryption
DES Data Encryption Standard
90
A symmetric encryption algorithm, block cipher operating on 64-bit blocks, key length of 56 bits, and is now considered insecure
DES Data Encryption Standard
91
Workaround for DES becoming insecure
Triple DES: three rounds of DES encryption
92
Double DES is insecure due to vulnerability from what attack?
Meet in the middle
93
Symmetric encryption, operating on 128 bit blocks, considered secure
AES (Advanced Encryption Standard)
94
Symmetric encryption, public domain algorithm, no longer secure
Blowfish cipher
95
Symmetric encryption, public domain algorithm, 128 bit blocks, secure
Twofish
96
Users create RSA key pairs using:
two large prime numbers
97
One of the earliest asymmetric algorithms and still used today; the 1024-bit version isn't secure, the 4096-bit version is secure
RSA algorithm (Rivest-Shamir-Adleman)
98
Framework for combining symmetric and asymmetric algorithms, widely used today
PGP algorithm (Pretty Good Privacy)
99
Does not depend on prime factorization, uses the EC discrete log problem
Elliptic curve cryptography
100
May be able to defeat cryptographic algorithms if the theory becomes applicable
Quantum cryptography
101
Finding a way to solve the __ __ problem efficiently would break modern cryptography
Prime Factorization
102
Uses quantum mechanics principles to perform computing tasks, mostly theoretical
Quantum computing
103
More susceptible to quantum attack than prime factorization
Elliptic curve cryptography
104
A software package that uses encryption and relay nodes to facilitate anonymous internet access
Tor (Onion Router)
105
PFS
Perfect Forward Secrecy
106
Uses encryption to hide the details of a communication from participants in the communication / hides nodes' identity from each other
PFS (Perfect Forward Secrecy)
107
Exchange of encryption keys in some way that all parties trust; uses a different communication channel; is difficult and time consuming
Out of Band Key Exchange
108
Securely exchanging keys digitally
In Band Key Exchange
109
Key exchange for symmetric encryption; secure way to digitally exchange; exchange of prime numbers to begin
Diffie-Hellman algorithm
110
Variant of Diffie-Hellman; Relies upon complexity drawn from the elliptic curve
Elliptic Curve Diffie Hellman algorithm
111
Allows government access to keys
Encryption Key Escrow
112
Closest we've achieved to key escrow technology, performs encryption but has a special law enforcement access field, source of controversy
Clipper Chip
113
LEAF
Law Enforcement Access Field
114
These allow internal access to lost keys
Recovery Agents
115
This takes a relatively insecure value, such as a password, and uses mathematical techniques to strengthen it, making it harder to crack
Key Stretching
116
Key stretching combines two different techniques to add strength to an encryption key:
Salting and hashing
117
Algorithm used to perform key stretching, uses salting and hashing, should be repeated at least 40,000 times
PBKDF2 (Password-Based Key Derivation Function 2)
118
Algorithm used to perform key stretching, based on the Blowfish cipher for hashing and uses salting
bcrypt
119
Special purpose computing devices that manage encryption keys and perform cryptographic operations
Hardware Security Modules (HSMs)
120
Ways to prevent imposters with cryptography public key exchange
Personal knowledge, Web of trust (WOT), Public Key Infrastructure (PKI)
121
Relies on indirect relationships, participants digitally sign the public keys of people they know personally to verify, decentralized, high barrier to entry for new people
Web of Trust
122
Builds on the Web of Trust, depends on centralized highly trusted certificate authorities (CAs)
Public Key Infrastructure (PKI)
123
Highly trusted and centralized service providers; trusted third-party organizations that verify the identity of individuals or organizations and then issue digital certificates containing both identity information and a copy of the subject's public key
Certificate Authorities (CAs)
124
One way functions that transform a variable length input into a unique, fixed length output
Hash Functions
125
The __ of a hash function will always be __ regardless of ___ size. Options: input/different/output; input/the same/output; output/the same/input
output/the same/input
126
Hash functions may fail if:
they are reversible, they aren't collision resistant
127
The fifth in a series of hash functions, they became increasingly secure, produces 128 bit hashes, no longer considered secure
MD5, Message Digest 5
128
Message Digest
another term for hash
129
Approved by NIST, produces a 160-bit value, flaws make it insecure
SHA-1 (Secure Hash Algorithm 1)
130
Approved by NIST, consists of six hash functions, produces output of 224, 256, 384, and 512 bits, mathematically similar to SHA-1 and MD5, still widely used but susceptible to attacks
SHA-2 (Secure Hash Algorithm 2)
131
Approved by NIST, Keccak algorithm, uses a completely different approach than the version before it, produces a hash of user-selected length
SHA-3 (Secure Hash Algorithm 3)
132
an alternative to government sponsored functions, produces 128, 160, 256, and 320 bit output, the 128 version is not secure, 160 version is widely used
RIPEMD
133
Combines symmetric cryptography and hashing, provides authentication and integrity, user creates and verifies message authentication code by using secret key in conjunction with hash function
HMAC (Hash-based Message Authentication Code)
134
For digital signatures we use the ___ key for encryption and the ___ key for decryption
Private, public
135
DSS
Digital Signature Standard: US government federal standard for appropriate digital signature algorithms, published by NIST
136
Approved DSS algorithms
Rivest-Shamir-Adleman (RSA), Elliptic curve digital signature algorithm (ECDSA), Edwards curve digital signature algorithm (EdDSA)
137
Reduce the burden of authenticating users from the CA server
Certificate Stapling
138
Certificate stapling
CAs receive a request for certificate authentication from the user; the response has a validity period of usually 24 hours, so the user doesn't have to request from the CA again in that time; the 24-hour authentication is stapled to the certificate
139
This allows the use of intermediate CAs
Certificate Chaining
140
The certificate's subject is:
The owner of the public key
141
Strings of numbers that look like IP addresses on a digital certificate; used to uniquely identify each element of the certificate
Object Identifiers
142
protects certificates against fraud; a technology that tells users of certificates that they should not expect certificates to change; ties a certificate to a subject for a period of time
Certificate Pinning
143
The core certificates at the heart of a CA; protect CA private keys; the first certificate in chain certificates
Root certificates
144
Able to match many different subjects; cover an entire domain, must be carefully secured, have special names
Wildcard certificates
145
CA verifies domain ownership; lowest level of trust
Domain validation certification
146
CA verifies business name; second level of trust
Organizational validation certification
147
Requires extensive investigation by the CA, the highest level of trust
Extended validation certification
148
Binary certificate format, stored as .DER, .CRT, and .CER files
Distinguished Encoding Rules (DER) certificate format
149
ASCII text equivalents of DER certificates, easily convert to text certificates, stored as .PEM or .CRT files
Privacy Enhanced Email (PEM) certificate format
150
___ files may be either DER binary certificates or PEM text certificates
CRT files
151
Binary certificate format, commonly used by Windows systems, .PFX and .P12 files
Personal Information Exchange (PFX) format
152
ASCII text equivalent of PFX certificates, commonly used by Windows systems
P7B format
153
A transport encryption technology that uses certificates to facilitate secure communication over public networks; encrypts network communications; a protocol using pairings of encryption and hash functions/cipher suites; insecure or secure depending on the cipher suites
TLS (Transport Layer Security)
154
The combination of encryption algorithms and hash functions used for encryption
Cipher Suites
155
Session keys are also known as:
Ephemeral Keys
156
A random encryption key used for a single communication period; symmetric encryption
Session Keys
157
An encryption technology; predecessor to TLS; insecure; sometimes incorrectly used as a generic term for encryption protocols including TLS
SSL (Secure Sockets Layer)
158
A distributed and immutable, sometimes public, ledger; can store records in a way that distributes the records among many different systems around the world
The Blockchain
159
Blockchain technology was created to support ___
cryptocurrencies such as bitcoin