Module 5 - Security Concerns Flashcards Preview

CompTIA ITF+ 2021 > Module 5 - Security Concerns > Flashcards

Flashcards in Module 5 - Security Concerns Deck (18)
Loading flashcards...
1

What are the three properties of secure information?

Confidentiality, Integrity, and Availability (the CIA Triad)

2

What is security?

The practice of controlling access to something (a resource)

3

List three confidentiality concerns in the context of security.

1. Snooping
2. Eavesdropping/Wiretapping
3. Social engineering/Dumpster Diving

4

If someone attempts to get access to information or a host or storage device (data at rest) that they are not authorized to view (e.g., by stealing password, using an unlocked workstation, or installing spyware), breaking confidentiality, what is this called?

Snooping

5

What is it called when someone snoops on data or telephone conversations as they pass over the network? Also what is another name for it?

Eavesdropping/wiretapping. Also called sniffing.

6

How can networks protect data in transit from eavesdropping/wiretapping (sniffing)?

Segmentation and encryption

7

What is it called when someone gets users to reveal secure information or finds vulnerable printed information, sometimes posing as IT professionals or technical support?

Social engineering/dumpster diving

8

What are some passive threats to security?

Copying data to an unsecure storage location or attaching the wrong file to an email

9

What are three types of integrity attacks that threaten security?

1. Man in the Middle
2. Replay
3. Impersonation

10

What is the security concern dealing with information being known only to authorized users?

Confidentiality

11

What is the security concern that protects information being stored and transferred as intended and not being modified without authorization?

Integrity

12

What is the security concern that ensures that information is accessible to those authorized to view or modify it?

Availability

13

What is it called when a host sits between two communicating notes and transparently monitors, captures, and relays all communication between them? The attacker may change messages between a sender and receiver without the team’s knowledge.

Man-in-the-Middle (MitM)

14

What policies/processes can be used to protect against an MitM attack?

Authentication of users and encryption to validate messages

15

When a host captures another host’s response to some server and replays that response to gain authorized access, what is it called? This may involve exploiting an access token generated by software.

Replay

16

How can an encryption protect against replay?

With encryption and timestamping so that tokens cannot be misused

17

What is a common attack where someone attempts to figure out a password or other credentials to gain access to a host through, for example, interception of password packets or brute force?

Impersonation

18

What are some threats against availability from a security standpoint?

1. Accidents
2. Oversights
3. Denial of Service (DoS)/Distributed Denial of Service (DDoS)
4. Power Outage
5. Hardware Failure
6. Destruction
7. Service Outage