13 Cards in this Set

  • Front
  • Back

What are some common authorization mechanisms?

Authorization ensures that the requested activity or object access is possible, given the privileges assigned to the authenticated identity.




Common mechanisms:


Implicit deny


Access control lists


Access Matrices


Capability tables


Constrained interfaces

What are discretionary access control modules?

In this type, all objects have owners, and those owners can modify permissions.




Example: Windows file base systems

What are administrative access control modules?

Administrators centrally manage nondiscretionary controls.




Example: SCCM

What is a role-based access control list?

Role-based access control modules use task-based roles, and users gain privileges when administrators place their accounts into a role.




Example: Epic templates

What is a rule-based access control module?

Rule-based access control modules use a set of rules, restrictions, or filters to determine access.




Example: firewalls

What are mandatory access controls?

Mandatory access controls use labels to identify security domains. Subjects need matching labels to access the objects.

What are some basic risk elements?

Risk is the possibility or likelihood that a threat can exploit a vulnerability and cause damage to assets.




Asset valuation identifies the value of assets.




Threat modeling identifies threats against assets.




Vulnerability analysis identifies weaknesses in an organization's valuable assets.




Access aggregation is a type of attack that combines, or aggregates, nonsensitive info to learn sensitive info and is used in reconnaissance attacks.

What are brute-force and dictionary attacks?

Brute-force and dictionary attacks are carried out against a stolen password database file or the logon prompt of a system. They are designed to discover passwords.




Brute-force attacks use all possible combinations of keyboard characters.




Dictionary attacks use a predefined list of possible passwords.

What is the need for a strong password?

Strong passwords make password-cracking utilities less successful. Strong passwords include multiple character types and are not words contained in a dictionary.




Password policies ensure that users create strong passwords. Passwords should be encrypted when stored and encrypted when sent over a network.

What are sniffer attacks?

In a sniffer attack (or snooping attack), an attacker uses a packet-capturing tool to capture, analyze, and read data sent over a network. Attackers can easily read data sent over a network in clear text, but encrypting data in transit thwarts this type of attack.

What is a spoofing attack?

A spoofing attack is pretending to be something or someone else, and is used in many types of attacks, including access control attacks.




Attackers often try to obtain the credentials of users so that they can spoof the user's identity.




Spoofing attacks include email spoofing, phone number spoofing, and IP spoofing. Many phishing attacks use spoofing methods.

What is social engineering?

A social engineering attack is an attempt by an attacker to convince someone to provide information or perform an action they wouldn't normally perform, such as clicking on a malicious link, resulting in security compromise.




Social engineers often try to gain access to the IT infrastructure or physical facility. User education is an effective tool to prevent the success of social engineering attacks.

What is phishing, and what are some types of attacks?

Phishing attacks are commonly used to try to trick users into giving up personal information, clicking a malicious link, or opening a malicious attachment.




Spear phishing targets a specific group of users.




Whaling targets high-level executives.




Vishing uses VoIP technologies.