questions with verified answers
3DES Ans✓✓✓-Triple Digital Encryption Standard. A symmetric algorithm used to
encrypt data and provide confidentiality. It was originally designed as a
replacement for DES. It uses multiple keys and multiple passes and is not as
efficient as AES, but is still used in some applications, such as when hardware
doesn't support AES.
Acceptability Ans✓✓✓-A measure of how acceptable the particular characteristic
is to the users of the system
Ex. Slow old systems (no); Systems that require users to strip (no); Users that can
scan a finger (yes)
Accountability Ans✓✓✓-Provides us with the means to trace activities in our
environment back to their source. Depends on identification, authentication, and
access control being present so that we know who a given transaction is
associated with, and what permissions were used to allow them to carry it out
ACLs (access control lists) Ans✓✓✓-The means by which we implement
authorization and deny or allow access to parties based on what resources we
have determined they should be allowed access to.
Administrative controls Ans✓✓✓-Controls are the policies that organizations
create for governance. Ex: email policies, user policies, etc.
Admissibility of records Ans✓✓✓-When we seek to introduce records in legal
settings, it is often much easier to do so and have them accepted when they are
produced from a regulated and consistent tracking system.
AES Ans✓✓✓-A set of symmetrical block ciphers endorsed by the US government
through NIST. Is used by a variety of organizations. It is the replacement for DES
as the standard encryption for the US government. Uses 3 different ciphers: one with a
128-bit key, one with a 192-bit key, and one with a 256-bit key
Allowing access Ans✓✓✓-Lets us give a particular party or parties access to a
given resource
analysis of vulnerabilities Ans✓✓✓-3rd step in the OPSEC process: to look at the
weaknesses that can be used to harm us
Anomaly-based detection Ans✓✓✓-Analyzes the current traffic against an
established baseline and triggers an alert if outside the statistical average
Anti-malware tools Ans✓✓✓-Applications detect threats in the same way as an
IDS, either by matching against a signature or by detecting anomalous activities
taking place.
Application of countermeasures Ans✓✓✓-Once we have discovered what risks to
our critical information might be present, we would then put measures in place to
mitigate them. Such measures are referred to in operations security as
countermeasures.
arbitrary code execution Ans✓✓✓-Occurs when an attacker is able to execute or
run commands on a victim computer
Assess risks Ans✓✓✓-Once we have identified the threats and vulnerabilities for
a given asset we can assess the overall risk
Assess Vulnerabilities Ans✓✓✓-Identify any weaknesses that exist in our assets
Assessments Ans✓✓✓-Vulnerability and penetration testing
Asymmetrical Cryptography Ans✓✓✓-Public key. Utilizes 2 keys: a public key and
a private key. The public key is used to encrypt data sent from sender to receiver
and is shared with everyone
Attribute-based access control (ABAC) Ans✓✓✓-Controls access based on
attributes of the user, the resource to be accessed, and current environmental
conditions
Auditing Ans✓✓✓-Ensuring that we have accurate records of who did what and
when. Primarily focused on compliance with relevant laws and policies, and
access to and from systems and sometimes physical security
Authentication attacks Ans✓✓✓-Targets and attempts to exploit the
authentication process a web site uses to verify the identity of a user, service, or
application.
Authentication Ans✓✓✓-The act of proving who or what we claim to be
(password, pin code)
Authentication Factor - Something you are Ans✓✓✓-Unique physical attributes
of an individual (Biometrics)
Height, weight, hair color, etc. (simple)
Fingerprints, iris, retina patterns, facial patterns (complex)
Difficult to steal but not impossible.
Authentication Factor - Something you do Ans✓✓✓-Sometimes a variation of
something you are.
Based on actions or behaviors of an individual.
Handwriting, time delay between keystrokes; super strong, hard to falsify.
Higher chance of rejecting legitimate users than other factors.
Authentication Factor - Something you have Ans✓✓✓-Physical possession.
ATM card, state/federal identity card, security token. Physical phone/email
account authentication.
Authentication Factor - Something you know Ans✓✓✓-Common factor;