Random Flashcards
What is the difference between an operational security policy and an application security policy?
Operational security policies govern the security of the overall IT environment, while application security policies focus on the security of specific applications and software development practices.
What is the purpose of mandatory vacation policies from an operational security perspective?
Mandatory vacation policies help detect insider threats and fraud by ensuring that another employee performs each individual’s duties periodically.
How can organizations enforce the principle of least privilege for application security?
By implementing role-based access control (RBAC) and attribute-based access control (ABAC) models within applications.
What are the benefits of implementing a zero trust security model?
Zero trust improves security posture by eliminating implicit trust, continuously validating every stage of digital interaction, and strictly enforcing access control.
What is the difference between rule-based access control and role-based access control (RBAC)?
Rule-based access control grants access based on specific rules, while RBAC grants access based on defined roles within an organization.
How does attribute-based access control (ABAC) differ from role-based access control (RBAC)?
ABAC grants access based on attributes of the subject, resource, action, and environment, providing more granular control compared to RBAC.
What are the benefits of implementing the Bell–LaPadula model for access control?
The Bell–LaPadula model ensures confidentiality by enforcing “no read up” and “no write down” rules based on security clearance levels.
How does the Biba model differ from the Bell–LaPadula model?
The Biba model focuses on maintaining data integrity, while the Bell–LaPadula model prioritizes confidentiality.
What is the purpose of the Brewer and Nash model (Chinese Wall model)?
The Brewer and Nash model prevents conflicts of interest by dynamically adjusting access rights based on a user’s previous actions.
What are the key elements of an effective security awareness training program?
Engaging content, regular training, real-world examples, interactive elements, and periodic assessments to measure retention and understanding.
How can organizations measure the effectiveness of their security awareness training efforts?
Through metrics such as phishing simulation click rates, number of reported incidents, employee surveys, and assessments.
What role do gamification techniques play in security awareness training?
Gamification increases engagement, motivation, and knowledge retention by incorporating game-like elements such as points, badges, and leaderboards.
What is the purpose of the MITRE ATT&CK framework?
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used to develop threat models and methodologies.
How can the MITRE ATT&CK framework be used to improve an organization’s security posture?
By identifying gaps in defenses, prioritizing security investments, enhancing detection capabilities, and strengthening incident response procedures.
What is the difference between Nmap and OpenVAS?
Nmap is primarily a network exploration and security auditing tool, while OpenVAS is a comprehensive vulnerability scanner and management solution.
How can Wireshark be used to identify potential security issues in network traffic?
By analyzing traffic patterns, detecting anomalies, identifying unencrypted sensitive data, and investigating suspicious activities.
What is the purpose of the Metasploit framework in penetration testing?
Metasploit is an open-source platform that provides a collection of tools and exploits to simulate real-world attacks and assess the security of systems and networks.
What is the difference between symmetric and asymmetric cryptography?
Symmetric cryptography uses a single key for both encryption and decryption, while asymmetric cryptography uses a pair of keys (public and private) for encryption and decryption.
What are the advantages of elliptic curve cryptography (ECC) over RSA?
ECC provides stronger security with shorter key lengths, resulting in faster computations, lower power consumption, and reduced storage and transmission requirements.
What is the purpose of a key exchange protocol, such as Diffie-Hellman?
Key exchange protocols allow two parties to establish a shared secret key over an insecure communication channel without prior knowledge of each other.
What is the difference between a stream cipher and a block cipher?
A stream cipher encrypts data one bit or byte at a time, while a block cipher encrypts fixed-size blocks of data (e.g., 64 or 128 bits) at a time.
What is the purpose of a message authentication code (MAC) in cryptography?
A MAC ensures the integrity and authenticity of a message by generating a small piece of data that is computed using a secret key and appended to the message.
What is the difference between collision and preimage resistance in cryptographic hash functions?
Collision resistance means it is computationally infeasible to find two different inputs that produce the same hash output, while preimage resistance means it is computationally infeasible to find an input that produces a given hash output.
What is the purpose of a hardware security module (HSM) in cryptographic key management?
An HSM is a physical device that safeguards and manages digital keys, performs cryptographic operations, and provides tamper resistance and detection features.
