54 Cards in this Set
- Front
- Back
Identify examples of items that implement the three principles of the CIA triad.
A. Backups that enable recovery of information after an incident. B. Management controls to protect information so that it remains accurate. C. Users recording passwords on notepads D. Business recovery plans to prevent downtime. E. Unscheduled downtime to preserve the integrity of information. |
A. B. D. |
|
Technical Controls (4) |
Access Control, Audit and Accountability, Identification and Authentication, System and Communications Protection |
|
Operational Controls (9) |
Awareness and Training, Configuration Management, Contingency Planning, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection, Personnel Security, System and Information Integrity |
|
Access control includes: |
Identification, Authentication, and Authorization |
|
Management Controls (5) |
Certification and Accreditation, Planning, Risk Assessment, System and Services Acquisition, Program Management |
|
Identification can include the following: |
Biometrics, Personal ID verification card, and Username |
|
Authentication can include the following: |
Passwords, Token (RSA SecurID), Common Access Card, Smart card (must be accompanied by a PIN to complete authentication) |
|
HMAC |
Keyed-Hash Message Authentication Code
Uses cryptographic hash functions |
|
TOTP |
Time-based One-Time Password. Based on HOTP but adds a time factor. A new password is generated each time. |
|
HOTP |
Came before TOTP but is not as secure |
|
CHAP |
Challenge handshake authentication protocol |
|
PAP |
Password Authentication Protocol - very basic and not secure because it sends the password in plaintext. |
|
Single Sign-on |
Used so that end users can log in once and get access to all systems. They only have to enter a complex password once. |
|
Access control |
Can be looked at as a system that controls who has access and at what level they have access to information. |
|
Implicit Deny |
Anything not explicitly allowed in an ACL is not permitted. This applies to firewalls, routers, and file permissions. |
|
Trusted OS |
Something created by the federal government |
|
Authentication Factors |
Something you are, something you have (token or card), something you know (password or PIN), somewhere you are, or something you do.
Multifactor and two-factor
|
|
Authorization |
Once a user has been identified and authenticated, they become authorized.
This could be in the form of permissions, access control lists, or physical-access barriers. |
|
Factors of Authorizations |
- Least Privilege - Separation of Duties: mission-critical tasks should not fall back to one person with all access. - Time-of-day Restrictions: limiting when users can access a system or information, e.g. after hours. |
|
Rule-Based Access Controls (RBAC) |
Defined by a set of rules that allow users to access systems, resources, or data. |
|
Role-based access control |
Based upon the user's role; based on that role, the user is added to a specific group. |
|
Mandatory Access Control |
Based upon the specific individual and the information that individual comes in contact with and has access to. Data clearance levels: Restricted, Secret, or Top Secret.
Data classification: Public, Restricted, Secret, Top Secret, etc. |
|
Discretionary Access Control |
Model-based approach. Can come from administrators, directors, etc. Commonly seen in the Windows OS through file permissions. |
|
AD Federation |
Active Directory Federation Services with the Windows OS. Spans organizational boundaries. Provides users with SSO capabilities. |
|
Transitive Trust |
Multiple domains can trust each other. |
|
Which examples implement the principles of the CIA triad?
A. An active malicious code system that protects organizations from DoS attacks. B. Data that is transferred by word of mouth to ensure integrity. C. Data classification to ensure information is available on a need-to-know basis. D. Unencrypted data that can be accessed by the general public. E. Secure update programs that limit access of information to specific authorized users. |
A. C. E. |
|
Which actions are parts of the authentication process?
A. An employee removes his sunglasses so a guard can see his face clearly B. A client is issued a one time password determined by algorithms to verify their identity C. An employee undergoes iris scanning and enters a password to access information. D. A user uses a bank card containing digital certifications and an associated personal ID number to withdraw money. |
C. D. |
|
Which actions are being used to confirm a user's authorization to access information?
A. A user can access the network only at certain times of the day. B. The system administrator inserts a unique card into a machine and the enclosed digital certificate is read. C. Only users from the HR department may access information in a certain folder. D. A visitor enters a personal ID number into the system. |
A. C.
|
|
Which actions could potentially be examples of remote social engineering?
A. A user visits a web site and can't browse further because various pop-up windows disrupt the session. B. A user receives a notification from their virus scanner, informing them that a virus is detected on their computer. C. A user receives an email message that claims to be from a banking web page, asking users to log on via a URL in the email. D. A representative at a mobile service provider phones a user, asking them to verify their account details. |
C. D. |
|
Malware types |
Adware, Spyware, Ransomware, Virus (must be executed; boot sector, polymorphic, worms, macro) |
|
Armored Viruses |
These types of viruses make it difficult for anyone to analyze the malware fully. |
|
Trojan Virus |
Most commonly opens a backdoor on the compromised system. Back Orifice is a well-known example. Usually well hidden under a name that is easily overlooked. Does not take up very many system resources. |
|
Rootkit Virus |
Tries to be undetectable. The best ones run at the administrator level. Types: application, library, kernel, virtualized, and firmware. |
|
Polymorphic Virus |
It can change its code each time that it runs, which makes signatures ineffective, but the functionality remains the same. |
|
Backdoor |
Gets around security measures and creates a connection to a remote server. Many backdoors are shared among hackers. |
|
AV Providers |
Symantec, McAfee, Kaspersky, Sophos, Bitdefender, Trend Micro, Panda
Anti-spyware is often included in these solutions. |
|
Social engineering comes: |
In person, over the phone, email, instant message, sms, etc ... |
|
In-person social engineering principles |
Authority, Intimidation, Trust, Consensus or social proof, Scarcity, Urgency, Familiarity or liking.
The more traditional approach. (dumpster diving, |
|
Insider attack mitigation |
- Developing an insider incident response plan - Documenting and enforcing controls and policies - Managing negative workplace issues - Providing security-awareness training. |
|
Confidentiality of data |
Unwanted access by a person or system. How sensitive is the information? What levels of access should be created?
Encryption - cleartext converted into ciphertext, then decrypted back into cleartext.
Access controls, Steganography
|
|
Integrity of data |
Used to verify that the data has not been altered, both in transit and at rest.
Example - implementation of a database, revision of a database, and backups of data.
Goals: We can use hashing, digital signatures, certificates, and nonrepudiation (more on the legal side) for data integrity. |
|
Availability of data |
Making sure that the resources are available for the users to do their jobs safely and on time. |
|
Email Hoax |
Something revolving around a world issue, usually involving the victim's friends, family, or loved ones. |
|
Spam |
Just unsolicited commercial bulk email. Spammers use spambots to look for active email addresses.
SPIM - spam through instant messaging
SPIT - Spam over VoIP |
|
Phishing and Spear Phishing |
Emails sent by attackers who are trying to get access to your accounts and personal information. Links will usually look legitimate but have been crafted by the attacker to redirect users to a site that appears familiar to them.
Spear phishing - targeted at a specific industry or at users who are not upper-level managers or VIPs |
|
Pharming |
Attack against a DNS server, or changing the hosts file on a victim's system. |
|
Vishing |
Uses phone calls instead of emails |
|
Whaling |
Directed at an organization or person higher up in the organization. |
|
Application Awareness |
Some apps have built-in attack defense mechanisms.
Chrome, Firefox, Email, etc. |
|
Anti Spam Solutions |
Barracuda, Norton AntiSpam, SpamAssassin, Spam Eater, SPAMfighter Pro |
|
As the network security specialist for my organization, I have been tasked with creating a document to present to my board of directors that will explain how the CIA triad can increase our network security and how control types are used. |
Questions to follow: |
|
You want to include some examples in your presentation to show how CIA principles will increase security in your organization. (Which should be included?)
A. Checking logs to ensure that information is not unduly altered. B. Implementing full and incremental backups of customer information. C. Encrypting all senior management emails and attachments. D. Asking users to keep password lists on their desks for easy access to resources. E. Creating unscheduled downtime tests to guarantee integrity of information. |
A. B. C. |
|
Match the NIST security control classes to the corresponding examples of controls.
1. A receptionist who monitors the people that enter and exit company premises. 2. A framework for the management of information system security. 3. Spam-filtering software that checks for potentially harmful mail on host. |
1. B 2. A 3. C |
|
Phishing is a social engineering attack that functions on the basis of misrepresentation. The purpose of this attack is to obtain sensitive or confidential information. (Which are examples of phishing?)
A. Your phone rings and when you pick up, it's an unknown caller trying to sell you life insurance. B. You receive a text message requesting that you verify your account details at a social networking site. C. You receive an IM from someone not on your buddy list, offering you a free music download. D. You receive a call from someone looking for your password. The caller claims to be a helpdesk representative but isn't one. |
B. D. |