Domain 2 Flashcards

(254 cards)

1
Q

What captures the relationships between physical and logical assets

A

Diagrams

2
Q

are the minimum level of security required for the system or application

A

Baseline Configuration

3
Q

reduce error and provide a clear communication standard

A

Standard Naming Conventions

4
Q

Advanced planning is needed to apply deviations from an organization’s IP addressing schema

A

Internet protocol (IP) schema

5
Q

refers to regulations pertaining to data being stored in other countries

A

Data sovereignty

6
Q

What is the practice of enacting security controls that protect the CIA (Confidentiality, Integrity, Availability) of data

A

Data Protection

7
Q

What is the systems way to prevent unwanted sensitive data from leaving the organization’s network

A

Data loss prevention (DLP)

8
Q

The act of hiding data by redacting all or parts of its content to preserve its confidentiality

A

Masking

9
Q

Data, whether at rest, in motion, or in processing requires encryption

A

Data At rest/ In transit/motion/ In processing

10
Q

is the process of replacing data fields with random values

A

Tokenization

11
Q

What refers to the practice of protecting the rights of users over digital objects

A

Rights management

12
Q

The lack of physical borders in the online world makes rights management difficult to govern

A

Geographical considerations

13
Q

Policies such as a BCP (Business Continuity Plan) or DRP (Disaster Recovery Plan) that are created to promote business resiliency

A

Response and recovery controls

14
Q

A security feature that prevents attackers from bypassing security through encrypted channels

A

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection

15
Q

A mathematical function that creates a fixed-length output from a variable-length input, used to verify the integrity of data

A

Hashing

16
Q

Security controls should be in place to authenticate users and not allow for unwanted access

A

API Considerations

17
Q

is an alternative site that has little to no backups of the original site’s data and is fully operational within weeks

A

Cold Site

18
Q

is an alternative site that has full backups of the original site’s data and is fully operational within minutes to a few hours

A

Hot site

19
Q

is an alternative site that has partial backups of the original site’s data and is fully operational within a few days

A

Warm site

20
Q

are computer systems with fake data that is designed to attract hackers

A

Honeypots

21
Q

are computer files that are designed to resemble legitimate files but contain fake data

A

Honeyfiles

22
Q

A network designed as a decoy to attract hackers

A

Honeynets

23
Q

refers to fake network traffic that is designed to mimic real network communication

A

Fake Telemetry

24
Q

occurs when a user is redirected to a malicious or wrong URL

A

DNS Sinkhole

25
A cloud computing model to provision cloud-based IT resources and components
Infrastructure as a service (IaaS)
26
A cloud computing model to provision cloud-based IT services such as database management
Platform as a service (PaaS)
27
A cloud computing model to provision cloud-based software directly to a user over the internet
Software as a service (SaaS)
28
The provisioning of ad hoc services via a cloud service
Anything as a service (XaaS)
29
refers to a cloud environment that is accessible by multiple organizations
Community Cloud
30
cloud refers to a cloud environment that is only accessible by a single organization
Private
31
What cloud refers to a cloud environment that is a mix of both public and private cloud environments
Hybrid Cloud
32
A company that manages the IT infrastructure and security services of an organization
Managed service provider (MSP)/managed security service provider (MSSP)
33
refers to a distributed cloud architecture that reduces latency
Fog computing
34
refers to a cloud architecture that performs computing at the edge of a network
Edge Computing
35
is a lightweight computer with limited capabilities and resources
Thin client
36
are environments that package code to be executed within an isolated and standard environment
Containers
37
collection of small modules that work together to create a complete system
Microservices/API
38
The act of provisioning IT systems and applications from machine-readable files and code
Infrastructure as code
39
A network architecture to manage compatible IT networking devices through computer programming
Software-defined networking (SDN)
40
Real-time reporting of configuration data through application programmable interfaces (APIs)
Software-defined visibility (SDV)
41
An organization owns and manages web applications and rents its usage to users, usually on a subscription model
Serverless architecture
42
The process of enabling separate processes and services to work together
Services integration
43
define how resources are provisioned along with its restrictions
Resource policies
44
allows for a network connection to a Virtual Private Cloud network
transit gateway
45
is the technology that allows a computer to have multiple operating systems installed
Virtualization
46
A set of management practices and policies to keep track of **** within the enterprise. To make sure they can be controlled.
Virtual machine (VM) sprawl avoidance
47
Pre-programmed security controls that prevents a virtual machine from escaping its hypervisor and infecting the host operating system
VM escape protection
48
Computing ****** are isolated areas that provide the functionalities required for software development, testing, staging, and production
Environment
49
A ********** environment is an isolated computing environment designed for software development
Development
50
The **** environment is an isolated computing environment that resembles the production environment but is designed for software testing and troubleshooting
Test
51
is an isolated computing environment where tested software is prepared for the production environment
Staging
52
What is the process of ensuring manufactured components are clear of defects prior to its integration
Quality Assurance
53
_______ is the process of assigning permission to users. ________ is removing the users’ permissions.
Provisioning/Deprovisioning
54
The process to determine if unauthorized changes have been made to data.
Integrity measurement
55
Is the process of removing unwanted characters from a string input prior to its processing
Normalization
56
are pre-compiled functions to query a database
Stored procedures
57
This is the practice of writing code that is difficult to analyze by observing its source code
Obfuscation/Camouflage
58
is code that when executed, its results are not used elsewhere within the application
Dead weight
59
Applications can perform input validation and code execution locally or on a remote server
Server-side vs. client-side execution and validation
60
Is the process of allocating memory to applications to avoid a memory leak
Memory Management
61
Software developers use SDKs to create software within a pre-built programming environment
Use of third-party libraries and software development kits (SDKs)
62
occurs when the application loses control of its data during operations
Data Exposure
63
OWASP is a nonprofit organization dedicated to the protection of web-based applications
Open Web Application Security Project (OWASP)
64
The process of having different components for software features and capabilities
Software diversity
65
converts programming languages to binary language
Compiler
66
diversity is the act of creating identical binary images with different specifications
Binary
67
The process of automating tasks and courses of actions to prevent, detect, and recover from security incidents
Automation/scripting Automated courses of action
68
The process of constantly detecting and evaluating the risks associated with software systems
Continuous monitoring
69
The process of constantly detecting and evaluating security baseline changes to software systems
Continuous Validation
70
A technique to detect and resolve code conflicts by reducing interaction errors
Continuous integration
71
is a technique to deploy changes quickly and sustainably to software systems
Continuous delivery
72
is a technique to automatically release new software versions for immediate availability
Continuous deployment
73
refers to a system’s ability to withstand changes without issue
Elasticity
74
refers to a system’s ability to increase its workload capacity with its current resources
Scalability
75
is the process of tracking the changes to different versions of software
Version Control
76
is the process of verifying an identity previously established in a computer system
Authentication
77
allows centralized security management and provides a logical means of organizing resources (users, printers, etc.); data storage mechanism similar to a database
Directory Services
78
A collection of autonomous computer networks that agree on a common set of operating standards, identities can access resources on diverse networks
Federation
79
What is the supplying of proof or evidence of some fact? Used to verify the trustworthiness of a system
Attestation
80
An authentication technology that uses a time-based fact to create a unique password
Time-based one-time password (TOTP)
81
An authentication technology that’s based on the ____ algorithm
HMAC-based one-time password (HOTP)
82
An authentication technology that’s based on sending text messages
Short message service (SMS)
83
is a small piece of hardware that is used to identify and authenticate a user. Tokens can be virtual and contain the user’s rights and access privileges
Token Key
84
The password/cryptographic key remains on the Usually would require an additional factor such as a PIN or password
Static Code
85
allow the user to initiate a logon and the application generates a response that the user enters into the system
Authentication Applications
86
sends the user authentication notifications or access codes directly to the user’s mobile device
Push Notifications
87
can be used to verify that the user is in possession of the actual mobile device
Phone Call
88
carry long cryptographic tokens that are too large to guess
Smart Card Authentications
89
factors are biological factors specific to an individual
Biometrics
90
is the measurement of the pattern expressed by a person as they walk
Gait Analysis
91
For biometrics to be effective, they must have both low false positive rates and low false negative rates
Efficacy Rates
92
determines what level of false positives is allowed in the system
False Acceptance
93
determines what level of false negatives, or rejections, are going to be allowed in the system
False Rejections
94
(CER) is where both accept and reject error rates are equal. This is the desired state for the most efficient operation
Crossover error rate
95
What Attributes are collections of artifacts that focus on elements associated with the user
Multifactor authentication attributes
96
Something you ….., refers to presenting a trigger and measuring a response that cannot be faked. An example is the results of a lie detector test
Something you exhibit
97
verifies the identity of the subject by comparing one or more factors against a database of valid identities (e.g., user accounts)
Authentication
98
indicates who is trusted to perform specific operations. For example, administrators grant a user access to files based on the user’s proven identity
Authorization
99
provides accountability by ensuring that subjects can be held accountable for their actions
Auditing
100
includes auditing, logging, and monitoring
Accounting
101
Determination of authentication processes should rest on data criticality and who needs access
Cloud vs. on-premises requirements
102
What is the use of multiple, independent elements to perform a critical function
Redundancy
103
A number of third-party companies offer high-speed connections for storing data in a separate facility. Depending on the level of security desired, the storage facility could be reinforced against possible threats in the area (such as tornados or floods)
Geographic dispersal
104
Disks are the primary storage mechanism in a system, whether composed of physical hard drives with spinning platters or solid-state memory devices can increase the speed of data recovery as multiple drives can retrieve data at the same time
Redundant array of inexpensive disks (RAID 0)
105
What splits data across all the drives with no redundancy offered
Redundant array of inexpensive disks (RAID) Level 0 (striped disks)
106
What copies the data from one disk onto two or more disks? If any one disk is lost, the data is not lost since it is also copied onto the other disks
Redundant array of inexpensive disks (RAID) Level 1 (mirrored disks)
107
What is designed to be able to recover the loss of any single disk using error-correcting technique
Redundant array of inexpensive disks (RAID) Level 2 (bit-level error-correcting code)
108
What spreads the data across multiple disks at the byte level with one disk dedicated to parity bits
Redundant array of inexpensive disks (RAID) Level 3 (byte-striped with error check)
109
What stripes data across several disks but in larger stripes than in RAID 3, and it uses a single drive for parity-based error checking
Redundant array of inexpensive disks (RAID) Level 4 (dedicated parity drive)
110
What stripes the data at the block level and spreads the parity data across the drives, is the most common method used
Redundant array of inexpensive disks (RAID) Level 5 (block-striped with error check)
111
provides redundancy in the event of a problem with a network adapter
Multipath
112
is the infrastructure that connects IT components
Network
113
What moves loads across a set of resources in an effort not to overload individual servers
Load balancers
114
teaming groups multiple NICs together. This provides for load balancing and fault tolerance
Network interface card (NIC) teaming
115
What are power supply systems that can function using a temporary battery backup in the event of a power failure
Uninterruptible power supply (UPS)
116
A ____ _______ is a system where two independent power supply units, either capable of handling the load, are used
Dual Supply
117
(PDU) is a device designed to handle the electrical power for server racks
Power Distribution Unit
118
What is a dedicated network that connects compute elements to storage elements
Storage Area Network (SAN)
119
What technologies can enable replication of processing units that can be manipulated between different computers
Virtual Machine (VM)
120
Location is an important consideration when determining redundant storage locations
On Premise Vs Cloud
121
In what backup are all files and software copied onto the storage media?
Full
122
Backs up files that have changed since the last full or _____ backup occurred, Requires fewer files to be backed up
Incremental
123
A _______ is a copy of a virtual machine at a specific point in time. A ____ is created by copying the files that store the virtual machine
Snapshot
124
Backs up files that have changed since the last full backup
Differential
125
_____ drives are an older form of data storage mechanism, and they are characterized by their sequential read/write access. For bulk storage of backups, ____ is still a viable alternative in terms of cost and performance.
Tape
126
The term _____ refers to either a physical hard drive with spinning platters or a solid-state memory device. Backing up a ____ is a common operation for a single computer.
Disk
127
What is the simplest form of backup for a file or set of files? One of the advantages of having users make copies of critical documents is the ability to do a quick restore in the event of an overwrite error.
Copy
128
What is the use of a network connection to attach external storage to a machine
Network attached storage (NAS)
129
What storage can increase security concerns because someone else is protecting the data
Cloud
130
What backup is a specific structure of the backup file to match that of the system being backed up
Image based
131
______ backups have the advantage of providing geographic separation of the backups from the original system, ____ backups are those stored on an offline system that is not accessible via the Internet
Online/Offline
132
Backups that are ones stored in a location separate from the system being backed up
Offsite Storage
133
What is also critical when examining the reach of a disaster? It is important that the offsite location is far enough away that it is not affected by the same incident.
Distance Considerations
134
refers to system items that are not permanent and can change
Non-persistence
135
A system’s ability to recover to a pre-incident state
Revert to known state
136
A system’s ability to recover to a known state in the event of a boot failure
Last known-good configuration
137
A bootable flash drive or DVD source that contains a complete bootable image of the OS
Live Boot Media
138
The ability to maintain the availability of data and operational processing despite a disrupting event
high availability
139
enables a system to accommodate larger workloads
Scalability
140
The most important data needs to be identified and then backed up in a manner that facilitates its quick restore
Restoration Order
141
Having ______ in technologies, vendors, processes, and controls can assist in resiliency through differences in failure modes
Diversity
142
Having a diverse set of these elements improves the chances of catching an attacker, even when they can beat one or two control elements
Technologies
143
Having diversity in the vendors used for security prevents vendor-specific forms of single points of failure and creates a more robust set of defensive capabilities
Vendors
144
to work, both sides must agree on algorithms, keys, and other parameters, Diversity can still exist in this environment
Cryptographic solutions
145
Multiple layers of different security controls lower your attack surface and increase your defense-in-depth
Controls
146
are computers that are included as part of a larger system. Printers, SMART TVs, and automobiles have embedded systems
Embedded Systems
147
________ is a low-cost (less than $50), single-board computer
Raspberry Pi
148
What are electronic circuits that are programmed to perform a specific function
Field-programmable gate array (FPGA)
149
is a single-board microcontroller, not a full-fledged computer like the Raspberry Pi
Arduino
150
What is the system that is designed to control automated systems in cyber-physical environments
Supervisory control and data acquisition (SCADA)/industrial control system (ICS) SCADA/ICS system
151
SCADA systems find many uses in facilities, ranging from the building automation systems of the HVAC system, to pumps for water pressure, escalators and elevators, and fire alarms
Facilities
152
Facilities that may include a fire alarm, surveillance, and HVAC system, depending on the requirements of the facility
Industrial
153
Industrial facilities may include SCADA and PLC (programmable logic controllers) systems
Manufacturing
154
systems include chemical, solar, and nuclear facilities. Like manufacturing, energy systems may include SCADA
Energy
155
What systems may include surveillance and geolocation, depending on the requirements of the facility? It can involve sea, surface (roads and rail), and air transport
Logistics
156
refers to a device that connects directly via the Internet for a specific function
Internet of Things (IoT)
157
is the transmission of voice communications over IP networks
VoIP(Voice Over IP)
158
are climate control systems that are managed by embedded systems
HVAC systems
159
combine the functionalities of a printer, scanner, and fax machine, with full network connectivity
Multi Function Printers (MFP)
160
Real-time operating systems are designed for devices where the processing must occur in real time
operating system
161
These are used in enterprises such as news organizations, which rely on getting the data live without extra processing delays
Surveillance Systems
162
refers to a complete computer system miniaturized on a single integrated circuit. Designed to provide the full functionality of a computing platform on a single chip
System on a chip (SoC)
163
communications use narrow bands of frequencies for low-data-rate communications. This type of radio offers advantages in range and power utilization
Narrow-band radio
164
refers to the signal that is being transmitted and represents a single channel of communication
Baseband Radio
165
A ____ card provides a means of identifying users and other key items of information when using telecommunication networks
Subscriber identity module (SIM) cards
166
is a low-power mesh radio service used to connect sensors and basic devices
Zigbee
167
When the ____ supply is interrupted and no backup ____ supply exists, the device stops functioning. ______ drives many design elements because extra functionality that is not needed uses ____ without adding functionality
Power
168
Excess ____ capacity results in more power drain and less useful life on a battery charge
Compute
169
_____ limitations are due to constraints from power and connectivity. _____ devices require a radio transceiver, increasing power demands
Network
170
_______ functions can be essential to secure data during transmission, but the level of computational resources for ____ functions can be substantial
Cryptographic functions
171
This is typically caused by a series of design decisions predicated on producing single-purpose devices like a Raspberry Pi or Arduino
Inability to patch
172
_______ systems are critical system requirements sometimes not adopted by embedded and specialized systems
Authentication
173
What is a function of power and is a limitation of many specialized and embedded systems
Range
174
Extra functionality leads to extra ___. If this functionality isn’t needed in the final solution, the money is wasted
Cost
175
refers to trust that has not been specifically set up but exists
Implied Trust
176
________ are physical barriers that are designed for an attacker to only gain access by a single gap. A _______ is a simple post-type barricade that prevents a vehicle from passing but allows people to walk past
Barrier Bollard
177
An _______ _____ ______ is composed of two closely spaced doors that require the user to card through one and then the other sequentially
access control vestibule
178
A _____ with a picture on it can enable others to quickly determine the identity of an employee or recognize an intruder
Badge
179
______ can provide information as to areas that are restricted, or it can indicate where specific precautions, such as keeping doors locked, are required
Signage
180
______ enable the re-creation of scenes at a later date. Video ____ offer an even greater range of surveillance capability
Camera
181
What technology can sense differences in temperature, which can be from a person entering a room
Motion recognition
182
What technology can scan video for movement and detect people, cars, and other designated objects such as packages left on a porch
Object detection
183
______ are used to monitor a workplace for security purposes. These systems are commonplace in places with high-value merchandise that is attractive to thieves, like banks and jewelry stores
Closed-circuit television
184
Utilities that make physical modifications less conspicuous and improve the visual surroundings. An example is 58 Joralemon Street, New York City, which is a ventilation shaft and emergency access to the New York subway
Industrial Camouflage
185
What provides a simple means of securing portable equipment to furniture or another fixture in the room where the equipment resides
Cable locks
186
______ are devices that impede a specific function unless a code is entered. This code is compared to a stored secret, and if the correct code is entered, the lock engages the mechanical stop and allows the mechanism to open
Electronic Locks
187
Laptops are popular targets for thieves and should be locked inside a desk when not in use, or secured with special computer lockdown cables
Locks
188
What prevents attackers from infecting a device with malware or stealing data
USB Data Blocker
189
What is a Class A fire?
Common Combustibles, Wood, Paper. Water or Dry chemical, ASHE
190
What is a class B fire?
Combustible liquids, petroleum products/organic solvents. CO2 or dry chemical
191
What is a class C fire?
Electrical, electrical equipment, wiring, or tools. CO2 or dry chemical Class SEE
192
What is a class D fire?
Flammable metals like magnesium or titanium, copper metal or sodium chloride
193
A ____ _____ can send alerts in areas where there is little or no expected traffic. _____ ______ can be used to trigger video systems, so they do not record large amounts of “empty” activity
Motion Detectors
194
What are sensors that provide a signal at a specified distance? The most common application of these are card readers connected to doors
Proximity readers
195
What sensors provide a remote means of monitoring everything from water leaks to humidity problems
Moisture Detection
196
What can provide much greater detail in tracking who is in a facility and when they have come and gone
Cards
197
What should be placed in highly temperature-controlled areas such as server rooms
Temperature sensors
198
What can provide security to physical facilities remotely, providing eyes on demand in a variety of places
Drones
199
What is an enclosure that’s designed to contain the transmission of radio signals
A faraday cage
200
What is a term used to describe the physical and logical separation of a network from all other networks? This separation is designed to prevent unauthorized data transfers to and from the network
Air Gap
201
A security zone that contains public facing servers or systems where access is restricted
Screened Subnet
202
provides security to the cabling between systems from all physical hazards, including interception and tapping
Protected cable distribution
203
____ _____ are those areas where specific preventative measures are taken to control access both to and from. _____ _____ limit information and people flow in and out of the area
Secure areas
204
An ___ ___ is a security measure implemented to ensure that systems within a secure network are totally isolated (not connected) from an unsecure network such as the Internet
Air gap
205
A ____ is a secured area that is designed to provide a specific level of security for what is stored inside
Vault
206
are physical storage devices that are intended to impede unauthorized access to their protected contents
Safes
207
A data center that is arranged into ____ _______ dictates that all the intake fans on all equipment face the cold aisle and that the exhaust fans all face the opposite aisle
Hot & Cold Aisles
208
Once the storage media is rendered into a form that can be destroyed by fire, the chemical processes of fire are irreversible and render the data lost forever
Burning
209
is a process by which paper fibers are suspended in a liquid and recombined into new paper
Pulping
210
is a physical process of destruction using excessive physical force to break an item into unusable pieces
Pulverizing
211
______ realigns the magnetic particles, removing the organized structure that represented the data. ______ effectively destroys all data on the media
Degaussing
212
Vendors sell data destruction as a service. These vendors can take advantage of scale, increasing the capability while sharing the cost of equipment
Third Party Solutions
213
_____ ______ are the result of a hashing algorithm used to sign a message. A ______ _______ system is used to ensure that a message was not altered during transmission, and that the message did in fact come from the sender and not an imposter
Digital Signature
214
The strength of a cryptographic function typically depends upon the strength of a key. The more valuable the data, the longer the key should be
Key Length
215
___ _______ is a mechanism that takes what would be weak keys and “stretches” them to make the system more secure against brute-force attacks
Key Stretching
216
______ is the practice of placing random digits at the end of a password prior to the hashing process. ______ increases the complexity of the hash therefore increasing the work factor required to decrypt a message
Salting
217
is used to ensure the accuracy of data. A ______ function is used to derive an output with a fixed length from a message with a variable length
Hashing
218
With symmetric encryption the message to be protected is encrypted and decrypted using the same secret key. Asymmetric encryption uses two separate keys to encrypt and decrypt the message
Key Exchange
219
What allows the client’s session key to be encrypted with the server’s public key, but the public key never changes? If an attacker steals the server’s private key in the future, they could then decrypt the stored, captured traffic
Diffie-Hellman Exchange (DHE)
220
What is based on a discrete logarithm problem that mathematicians believe to be extremely difficult to solve? The derived key length from an elliptic curve algorithm is smaller in comparison to RSA with the same equivalency in work factor
Elliptic curve cryptography
221
What is a property of a public key system in which a key derived from another key is not compromised, even if the originating key is compromised in the future
Perfect forward secrecy (PFS)
222
Quantum computers use a structure called qubits, which allow information to be represented differently than just “on” or “off” as binary bits do
Quantum communications
223
Quantum hardware is still in its early stages of development, and the immense computing power in these platforms will revolutionize cryptography. Quantum cryptography is the use of quantum _______ hardware to perform encryption and decryption processes
Computing
224
There are currently several cryptographic algorithms that have been developed to use different mathematical properties. These algorithms make simultaneous solution sets not as effective, thus limiting the power of quantum computing
Post Quantum-Era
225
are cryptographic keys that are used only once after generation
Ephemeral keys
226
________ encryption with associated data (AEAD) is a form of encryption designed to provide both confidentiality and authenticity services. A wide range of _________ modes is available for developers, including GCM, OCB, and EAX
Authenticated
227
What modes use a non-identity-based source for the entropy element for subsequent blocks? Each block is XORed with the previous ciphertext block before being encrypted
Unauthenticated
228
_______ mode (CTM) uses a “_____” function to generate a nonce that is used for each block encryption. Different blocks have different nonces, enabling parallelization of processing and substantial speed improvements
Counter
229
What are lists of records, where each addition to the list is done by a cryptographic algorithm? The concept of this was invented to create the public transaction ledger of cryptocurrencies
Blockchain
230
What is a negotiated package of algorithms, ciphers, and protocols used to manage a conversation between two systems? This suite will list the key exchange mechanism, the authentication protocol, the block/stream cipher, and message authentication
Cipher suite
231
What is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 bits) at once as a group rather than to one bit at a time
Block Cipher
232
What is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. _________ are often used for their speed and low latency
Stream Cipher
233
_________ encryption tends to be faster, is less computationally involved, and is better for bulk transfers. __________ encryption uses two keys, and it is slower but more secure
Symmetric Asymmetric
234
What is a specialized suite of cryptographic algorithms designed to operate in IoT environments that are resource-constrained
Lightweight cryptography
235
What is the art of using cryptographic techniques to embed secret messages within another message
Steganography
236
______ is a set of algorithms that allows operations to be conducted on encrypted data, without decrypting and re-encrypting
Homomorphic encryption
237
Cryptographic functions tend to take significant computational power. Cryptographic functions such as elliptic curve cryptography are well suited for ______ ____
Low-power devices
238
Stream ciphers are examples of ____ ________ cryptographic operations that support operations with time constraints
Low-Latency
239
Cryptographic solutions can help systems to resume normal operational conditions after an external disruption
High Resiliency
240
Cryptography is the primary means of protecting data confidentiality—at rest, in transit, and in use
Supporting Confidentiality
241
Message authentication codes (MACs) supported by hash functions are an example of cryptographic services supporting integrity
Supporting integrity
242
Encryption systems can protect code from casual observation by unauthorized parties
Supporting obfuscation
243
Cryptographic functions can be employed to demonstrate authentication, such as the validation that an entity has a specific private key associated with a presented public key
Supporting authentication
244
What is the ability to verify that a message has been sent and received so that the sender (or receiver) cannot refute sending (or receiving) the information
Support Non Repudiation
245
The more complex the algorithm, the more rounds that are performed and the stronger the encryption, but the slower the throughput
Speed
246
What is a means of approximating strength, at a cost of speed? Longer keys take longer to generate, and the more rounds a system operates, the longer the time to encrypt/decrypt
Size
247
What are keys that result in weak encryption, despite their key length? Currently DES, RC4, IDEA, Blowfish, and GMAC algorithms can suffer from weak keys
Weak Key
248
The objective of cryptography is to protect data for a long-enough period that brute-force decryption is not a factor in the security equation. Older methods, such as DES, have proven to no longer provide long protection times due to modern computing speeds.
Time
249
If we want to protect materials for the next 25 years, we need to consider what computing power will be available in the next 25 years—a challenge given advances in quantum computing
Longevity
250
The use of cryptographic random numbers is important, as it removes the _______ problem of pseudorandom number generators
Predictability
251
The more material that an attacker can get using the same key, the greater his ability to use cryptanalysis tools to break the scheme. This is how the Enigma and Purple machines failed during WWII
Reuse
252
What is the measure of randomness associated with a series of values? A lack of good _______ may leave a cryptosystem vulnerable and unable to securely encrypt data
Entropy
253
One of the limitations of a cryptographic system is the level of ______ ______ needed to generate the system. Different algorithms have differing means of computing the complexity that makes cryptographic solutions secure
computational overhead
254
Constraints the intended use of the system should be considered when determining its cryptographic solution
Resource vs. Security