WEEK 8

Question 1

What is CIA

Answer 1

Core principles of information security

CONFIDENTIALITY
INTEGRITY
AVAILABILITY

Question 2

Confidentiality in CIA is what

Answer 2

It ensured that data is kept private and only accessible to authorized users

(Encryption and Access Control)

Question 3

Integrity in CIA is what

Answer 3

Ensures the accuracy and trustworthiness of data

(Make sure package is not opened since it was sent out)

Info is not tampered with

Question 4

Availability in CIA is what

Answer 4

Ensures that data is accessible when needed

(Ability for an IT system to be up and running without interruption)

Question 5

Confidentiality concerns are what

Answer 5

Snooping
Eavesdropping
Wiretapping
Dumpster Diving
Social engineering

Question 6

What is Snooping

Answer 6

Am attempt to gain access to information that you are not authorized to view

(Looking at someone else’s phone to get info )

Question 7

What is Eavesdropping

Answer 7

Secretly listening to the private convo or communication of others without their consent in order to get info

Question 8

What is Wiretapping

Answer 8

Connecting a listening device to a telephone or data line to secretly monitor a convo

(Bugged phone)

Question 9

What is Dumpster Diving

Answer 9

Going through someone’s trash to find info that can be used in an attack

Question 10

What is Social Engineering

Answer 10

Manipulating, influencing, or deceiving a person in order to gain control over a computer or acquire confidential info

Question 11

Integrity concerns are what

Answer 11

Man-In-The-Middle Attack
Replay Attck
Impersonating

Question 12

What is Man-In-The-Middle Attack

Answer 12

Sneaky eavesdropper in the middle of a conversation

(Altering the communication between two parties)

Question 13

What is a Replay Attack

Answer 13

Involves am attacker recording your password or security token when it is send for authentication and then using it later to impersonate you

Question 14

What is impersonation

Answer 14

When a person impersonates a trusted entity

Question 15

Availability concerns are what?

Answer 15

Power Outage
Hardware Failure
Destruction
Service Outage
Denial of Service (DoS)

Question 16

What is a Power Outage

Answer 16

Sudden lost of electricity

Question 17

What is Hardware Failure

Answer 17

When hardware breaks down

Question 18

What is Destruction

Answer 18

Human made incidents or natural disasters

Question 19

What is Service Outage

Answer 19

No signal on your phone

Question 20

What is Denial of Service (DoS)

Answer 20

An attack that is used to overwhelms system, network, service with an excessive amount of traffic to the point where it breaks

Question 21

Best practices to secure devices

Answer 21

Antivirus / Anti-Malware
Host Firewall
Changing passwords
Safe Browsing Practices
Up to date updates

Question 22

What is Antivirus / Anti-Malware

Answer 22

Software designed to detect, prevent, and remove malicious software from computer, or nerwork

Question 23

What is Signature-based Detection Antivirus

Answer 23

Relies on a database of known malware signatures
Scans files for signatures
(Unique bits of code or characteristics)

Question 24

What is Behavioral-based (Heuristic) Detection antivirus

Answer 24

Observes the behaviors of programs in real time
It used Heuristics
(Sets of rules to analiza the actions of software)

Question 25

What is a Host Firewall

Answer 25

Protects an individual device by monitoring and controlling incoming and outgoing network traffic

Question 26

What are some thing to do when web browsing

Answer 26

Stick to trusted sites Keep browsers up to date Stay on supported browsers Enable notifications when downloading something

Question 27

Device use best practices

Answer 27

Software screening User Account Control (UAC) Remove unwanted or unused software

Question 28

What is User Account Control (UAC)

Answer 28

Utility in windows that protect your device from malicious downloads

Question 29

What is Software Screening

Answer 29

What you analyze the application you are downloading to make sure it’s trustworthy

Question 30

What are the Expectations of Privacy

Answer 30

Application may still have data that has been kept private Emails can still be read by authorities at any point File servers can show your IP and can see content of the file Instant messaging can be leaked too Locations from apps can be leaked

Question 31

What is a policy

Answer 31

A set of rules that dictate what action should be taken under various circumstances (Acceptable use policy Non disclose-sure agreement )

Question 32

What is a Non-Disclosure Agreement (NDA)

Answer 32

Legal contract that tells you what u can and can’t say to who

Question 33

What is a Procedure

Answer 33

A step-by-step instructions to preform a task (Standard Operating Procedure)

Question 34

What is Standard Operating Procedures (SOP)

Answer 34

Detailed written set of procedures that explain how to undertake a particular activity

Question 35

What is confidential Information

Answer 35

Data that should not be shared to unauthorized person (passwords, credit card data, etc..)

Question 36

Ways to protect confidential Information

Answer 36

Store it securely Encryption Never share it Good passwords

Question 37

What is Personal Identifiable Information (PII)

Answer 37

Any information that can be used to identify an individual Name Social Security Number Date of Birth Email Address Phone Number

Question 38

What is Protected Health Information (PHI)

Answer 38

Any information about an idividual's health status. Medical Records Healthcare Services

Question 39

What is AAA

Answer 39

Authentication Authorization Accounting (Verifies and manages users Identities)

Question 40

What does Authentication mean in AAA

Answer 40

Makes sure its you who is trying to log in

Question 41

What does Authorization mean in AAA

Answer 41

Determines what you can and can't do

Question 42

What does Accounting mean in AAA

Answer 42

It tracks user activities and logs them

Question 43

What are some ways that Authentication proves its you

Answer 43

Something You Know (password, PIN, security questions) Something You Have (Hardware Token, Software Token, One-Time Password) Something You Are (Biometrics, Fingerprint, Eye scan, Face scan) Somewhere You Are (Certain Location)

Question 44

What is Single-Factor

Answer 44

Verifies your identity only using one piece of evidence (just password or just a finger scan)

Question 45

What is Multi-factor

Answer 45

Requires 2 or more authentication practices to verify its you (password , finger scan, and hardware token )

Question 46

2 Factor Authentication

Answer 46

Uses EXACTLY 2 authentication factors to verify its you (password and mobile code)

Question 47

What is Single Sign-On (SSO)

Answer 47

A user authentication service that permits a user to use one set of login credentials like username and password to access MULTIPLE applications (if you leave then the next time you try to login you will need to authenticate again)

Question 48

What are Permissions

Answer 48

The specific right or privileges granted to users or software

Question 49

What are Least Privilege

Answer 49

Giving users or systems only the permissions they absolutely need to perform a task or job function and nothing more

Question 50

Role-Based Access Control (RBAC)

Answer 50

Only a certain type of department will have access to a certain type of files (Roles and job titles) (IT can see those files but others at work cant)

Question 51

Rule-Based Access Control

Answer 51

Has rules on how they have permissions (Example Rule 1. only get permissions when at work)

Question 52

Mandatory Access Control (MAC)

Answer 52

Uses labels and classifications to determine access

Question 53

Discretionary Access Control (DAC)

Answer 53

When the owner of the info decides who gets permissions

Question 54

What are Logs

Answer 54

Records that provide a chronological account of events in a system (logins, file accesses, system errors, security breaches) (digital footprints left behind on a system) (silent guardians)

Question 55

What us Non-Repudiation

Answer 55

A safeguard that guarantees individuals or entities involved in a digital transaction cannot later refute or deny their participation of their actions (ensuring that they cant say "I DIDNT DO THAT") (videos, fingerprint, digital signature, recipe)

Question 56

What are passwords best practices

Answer 56

Password length (longer is better) Must meet complexity (need characters like *&@!$) Not to reuse the same password Password expiration date Password lock out after certain attempts Avoid using password for all accounts

Question 57

What is Plain Text

Answer 57

Normal text that is readable by anyone (Hasn't gone trough encryption)

Question 58

What is Cipher Text

Answer 58

Encrypted text that is not readable by anyone

Question 59

To make Cipher Text into Plain Text you do what

Answer 59

Decryption (need a specific key to do this)

Question 60

What is Data at Rest

Answer 60

Data stored on devices that is not actively being used or transmitted (files sitting in your HDD)

Question 61

What is File-Level Encryption

Answer 61

Encryption on files

Question 62

What is Disk-Level Encryption

Answer 62

Encrypts the entire storage device (Protects everything on your computer)

Question 63

What is Data in transit

Answer 63

Data that moves from one point to another (EMAIL)

Question 64

What do SSL (Secure Socket Layer) and TLS (Transport Layer Security) do?

Answer 64

Digital Handshakes agreeing on encryption methods

Question 65

What is a VPN

Answer 65

Creates a secure encrypted connection between your device and a remote server (protected tunnel)

Question 66

What is Business Continuity

Answer 66

Proactive approach to ensure that essential business functions persist during and after any unforeseen event (keep going)

Question 67

What is Fault Tolerance

Answer 67

The ability of a system to continue operating without interruption even when one or more of its components fail

Question 68

What is Redundancy

Answer 68

Duplication of critical components to increase reliability and prevents system failure (back up in case something fails)

Question 69

What us Network Redundancy

Answer 69

Ensures that data still flows even if a part of a system fails (More routers to make sure it has a back up) (Back up route to make sure data still flows)

Question 70

What is Failover

Answer 70

The automatic process where in the event of a failure the system switches to a redundant or standby system (redirect tasks to a redundant server) (when server fails it will switch to a backup server)

Question 71

What is Power Redundancy

Answer 71

Ensures the system is still powered even if the primary power source fails (Emergency power generator, backup power supply)

Question 72

What is a Uninterruptible Power Supply (UPS)

Answer 72

Device that provides immediate and uninterrupted emergency power to connect devices when the main power source is lost (seamless transition)

Question 73

What is a Generator

Answer 73

Device that transforms mechanical energy like gas or diesel or gas into electrical energy (long term solution) (brief delay to turn on)

Question 74

What is Data Replication

Answer 74

When you copy data from one location to another

Question 75

What is Data Redundancy

Answer 75

Making a copy of the original in case something happens to it

Question 76

What is a Redundant Array of Independent Disks (RAID)

Answer 76

Technology uses to combine multiple had drives into a single unit to improve data reliability, performance, or both

Question 77

What does RAID 0 offer

Answer 77

Does not offer redundancy (if one fails the whole system fails) (striping)

Question 78

What does RAID 1 offer

Answer 78

Storage is MIRRORED across two disks (in case one fails it will still function but does not improve performance)

Question 79

What does RAID 5 offer

Answer 79

Its kind of like a balance between raid 0 and raid 1 but it has PARITY (Has redundancy through PARITY) (Has performance and redundancy)

Question 80

What does RAID 10 offer

Answer 80

Merges the mirroring of raid 1 with the striping of raid 0 (Has fast performance and redundancy)

Question 81

What is Disaster Recovery

Answer 81

Resorting IT systems after a disaster (backup or a replicated system) (priorities) (Decide when to give back users access to it)

Question 82

What is Backup Considerations

Answer 82

File Backups Critical Data Database Backups OS Backups

Question 83

Pros and Cons of On-Site

Answer 83

Pro (Faster download and accessibility) Con (Can get lost in fire, stolen, flood)

Question 84

Pros and Cons of Off-Site

Answer 84

Pro (Can access data from anywhere if you have internet, more space) Con ( Need internet, subscription fee, can get stolen by hackers)