Cissp-Pj

Front 1

The fundamentals of cyber security is built on

Back 1

CIA TRIAD

Hint 1

A three letter organization😂

Front 2

Confidentiality

Back 2

Data available to authorized users only.

Hint 2

C

Front 3

Data integrity

Back 3

Data can be trusted

Hint 3

I

Front 4

System Integrity

Back 4

The system will work as intended

Hint 4

It works!!

Front 5

Availability

Back 5

Operating and accessible when needed

Hint 5

It’s ready!

Front 6

Assurance

Back 6

A level of confidence that a control works

Hint 6

Are you sure? Of course I am sure!

Front 7

The priority of CIA is based on

Back 7

Organizational objectives

Front 8

True or False: Security should be an enabler not a disruptive force

Back 8

True

Front 9

Governance

Back 9

Set strategic direction and provide leadership

Front 10

Due care

Back 10

Standard care (or stewardship)

Front 11

Due diligence

Back 11

Continued effort

Front 12

Strategic alignment

Back 12

Supporting the business objectives

Front 13

Corporate culture

Back 13

Shared attitude, vision, and goal

Front 14

The foundation of the information security program is

Back 14

Governance

Front 15

An information security program must be_____with business objectives

Back 15

Strategically aligned

Front 16

True or False: Information security is not an IT function

Back 16

True

Front 17

Owner

Back 17

Management responsible for a subset of data

Hint 17

1.3 Security and Risk Management

Front 18

Custodian

Back 18

Responsible for protection mechanisms

Hint 18

1.3 Security and Risk Management

Front 19

User

Back 19

Expected to follow operating procedures.

Hint 19

1.3 Security and Risk Management

Front 20

CISO

Back 20

Chief Information Security Officer

Hint 20

1.3 Security and Risk Management

Front 21

ISM

Back 21

Information Security Management

Hint 21

1.3 Security and Risk Management

Front 22

Privacy officer

Back 22

Subject matter expert for disclosure of data

Hint 22

1.3 Security and Risk Management

Front 23

Physical security officer

Back 23

Areas included surveillance and guards

Hint 23

1.3 Security and Risk Management

Front 24

Policy

Back 24

High-level statement

Hint 24

1.4 Security and Risk Management

Front 25

Standard

Back 25

Mandatory specification

Hint 25

1.4 Security and Risk Management

Front 26

Accountability

Back 26

process of tracing actions to a source

Hint 26

1.1 Security and Risk Management

Front 27

Authentication

Back 27

Positive ID of a person or system

Hint 27

1.1 Security and Risk Management

Front 28

Authorization

Back 28

Granting users or systems access to resources

Hint 28

1.1 Security and Risk Management

Front 29

Accounting

Back 29

Logging of access and resources utilization

Hint 29

1.1 Security and Risk Management

Front 30

Assurance

Back 30

Confidence that the controls work to protect system

Hint 30

1.1 Security and Risk Management

Front 31

Symmetric Key crypto system

Back 31

Use a shared key available to all users

Front 32

Asymmetric key crypto system

Back 32

Uses individual combinations of private and public key for each user

Front 33

Data at rest or data stored

Back 33

Resides in a permanent location (hard drive, usb, cloud storage, backup tapes)

Front 34

Data in motion or “on the wire”

Back 34

Data being transferred on a network between two systems

Front 35

Data in motion confidentiality risk example

Back 35

Eavesdropping attacks

Front 36

Data at rest confidentiality risk

Back 36

Theft of physical devices

Front 37

Before a message is put into coded form it is known as

Back 37

Plaintext

Front 38

Message integrity is enforced through

Back 38

Encrypted message digest known as digital signatures

Front 39

Integrity can be enforced by

Back 39

Public and secret key

Front 40

Cryptographic algorithm to encrypt the plaintext message and produce a

Back 40

Cyphertext message

Front 41

Cryptographic algorithms rely on what to maintain their security

Back 41

Keys

Front 42

Kerchoff’s Principle

Back 42

is that a cryptographic system should be secure even if everything about the system, except the key is known

Front 43

Algorithm

Back 43

A set of mathematical rules that dictates enciphering and deciphering processes

Front 44

Cryptographic keys are referred to as

Back 44

Cryptovariables

Front 45

Creating and implementing secret codes and ciphers

Back 45

Cryptography

Front 46

The study to defeat codes and ciphers

Back 46

Cryptanalysis

Front 47

Together, cryptography and cryptanalysis are commonly referred to as

Back 47

Cryptology

Front 48

Specific implementations of a code or cipher in hardware and software are known as

Back 48

Cryptosystems

Front 49

defines the hardware and software requirements for cryptographic modules that the federal government uses.

Back 49

FIPS 140-2 (Federal Information Processing Standard)

Front 50

One-way function

Back 50

a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

Front 51

Initialization Vectors

Back 51

are used to create unique ciphertext every time the same message is encrypted using the same key.

Front 52

Zero-knowledge proof

Back 52

to prove your knowledge of a fact to a third party without revealing the fact itself to that third party.

Front 53

Split knowledge

Back 53

separation of duties and two-person control contained in a single solution is called

Front 54

You can measure the strength of a cryptography system by measuring the effort in terms of cost and/or time using a

Back 54

Work function/work factor

Front 55

cryptographic systems of symbols that represent words or phrases, are sometimes secret

Back 55

Codes

Front 56

are always meant to hide the true meaning of a message

Back 56

Ciphers

Front 57

Transposition ciphers

Back 57

an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

Front 58

Substitution ciphers

Back 58

use the encryption algorithm to replace each character or bit of the plaintext message with a different character. The Caesar cipher

Front 59

Vigenère ciphers

Back 59

uses a single encryption/decryption chart

Front 60

Similar ciphers

Back 60

The only difference is the key length. The Caesar shift cipher uses a key of length one, the Vigenère cipher uses a longer key (usually a word or sentence), and the one-time pad uses a key that is as long as the message itself.

Front 61

Running key cipher or book cipher

Back 61

the encryption key is as long as the message itself and is often chosen from a common book.

Front 62

Confusion

Back 62

occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting ciphertext to determine the key.

Front 63

Confusion

Back 63

occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting ciphertext to determine the key.

Front 64

Diffusion

Back 64

occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Front 65

Data Encryption Standard (DES)

Back 65

56-bit key

Hint 65

Modern day keys use @ least 128-not keys