D430 Final Exams Study Guide 2024
Explain PCI DSS - The Payment Card Industry Data Security Standard; an information security standard for organizations that handle credit card payments.
Explain HIPAA - The Health Insurance Portability and Accountability Act; sets the standard organizations must meet to protect sensitive healthcare and patient records.
Explain FISMA (Federal Information Security Management Act) - Defines security standards for federal agencies in the U.S.; mandates that government agencies protect their information systems and regulates federal departments.
Describe the CIA triad - Confidentiality, Integrity, Availability; the core security concept in information security.
Confidentiality - Our ability to protect our data from those who are not authorized to view it.
Integrity - The ability to prevent people from changing our data in an unauthorized or undesirable manner.
Availability - The ability to access our data when we need it.
Describe the Parkerian Hexad - Confidentiality, Integrity and Availability, plus Possession/Control, Authenticity and Utility.
Possession/Control - The physical disposition of the media on which the data is stored.
Authenticity - Whether the data in question can be attributed to its proper owner or creator.
Utility - How useful the data is to you.
Types of attacks by CIA category - Confidentiality: Interception. Integrity: Interruption, Modification, Fabrication. Availability: Interruption, Modification, Fabrication.
Types of control - Physical, Logical/Technical, and Administrative.
Physical control examples - Fences, gates, locks, guards.
Logical/Technical control examples - Passwords, encryption, firewalls, access controls, IDS.
Administrative control examples - Rules, laws, policies, procedures, guidelines.
Incident response process - Preparation; Detection and Analysis; Containment; Eradication; Recovery; Post-Incident Activity.
What is defense in depth? - A multilayered defense: several independent layers of controls, so that the failure of any single control does not by itself expose the asset.
What is a "sandbox"? - An isolated environment that protects a set of resources; whatever runs inside it cannot reach resources outside it.
What is FTP (File Transfer Protocol) used for? - Transferring files between systems.
What ports does FTP use? - Ports 20 (data) and 21 (control).
What is IMAP (Internet Message Access Protocol) used for? - Managing email on a mail server.
What port does IMAP use? - Port 143.
What is SSH (Secure Shell) used for? - Managing remote connections to systems over an encrypted channel.
What port does SSH use? - Port 22.
What is a clickjacking attack? - A client-side attack in which a user is tricked into clicking on something without realizing that they did.
For clickjacking, the attacker must take control of ________ or a portion of ________ to place an invisible layer over something the client would normally click on. - The website, the website.
Give an example of a CSRF (Cross-Site Request Forgery) attack - An attacker embeds a link on a web page or in an email; when a victim who is already logged in to the target site follows it, the browser sends the request with the victim's session, executing the additional commands the attacker embedded in the link.
Describe DAC (Discretionary Access Control) - The owner of the resource determines who gets access to it and at what level (access is at the owner's discretion).
What are the 6 main access control models? - Discretionary access control (DAC), Mandatory access control (MAC), Role-based access control (RBAC), Rule-based access control, Attribute-based access control (ABAC), and Multilevel access control.
What are access control models? - Ways of determining who should be allowed access to what resources.
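The following is an added example, not part of the study guide, illustrating the clickjacking and CSRF questions above from the defender's side. is_frameable() reads a response's headers and reports whether another origin could embed the page in an iframe, which is the precondition for laying an invisible layer over it; CsrfGuard implements the synchronizer-token defence plus an Origin check, which is what makes the embedded-link CSRF example fail. The origins, headers, session IDs and form fields are constructed for illustration.

```python
"""Added example (not from the study guide): frameability check for
clickjacking and a synchronizer-token check for CSRF."""
import hmac
import secrets
from urllib.parse import urlparse


def _frame_ancestors(csp_value: str):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def is_frameable(headers: dict, page_origin: str, attacker_origin: str) -> bool:
    """True if a page at page_origin, served with these headers, could be
    embedded by a document at attacker_origin (and so overlaid/clickjacked)."""
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(lower.get("content-security-policy", ""))
    attacker_host = urlparse(attacker_origin).hostname or ""
    if ancestors is not None:
        # Browsers that understand frame-ancestors ignore X-Frame-Options.
        if "'none'" in ancestors:
            return False
        if "*" in ancestors:
            return True
        if "'self'" in ancestors and attacker_origin == page_origin:
            return True
        return attacker_origin.lower() in ancestors or attacker_host in ancestors
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return attacker_origin == page_origin
    # Neither header present: any site can frame the page and place a
    # transparent element over its buttons.
    return True


class CsrfGuard:
    """Synchronizer-token pattern: one random token bound to each session.
    The token store is an in-memory dict, constructed for this example."""

    def __init__(self, site_origin: str):
        self.site_origin = site_origin
        self._tokens = {}  # session_id -> token

    def issue_token(self, session_id: str) -> str:
        """Generate a token for the session and embed it in the site's own forms."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def is_valid_request(self, session_id: str, method: str, headers: dict, form: dict) -> bool:
        """Accept a request only if it is state-changing from our own origin
        and carries the token bound to the caller's session."""
        if method.upper() in ("GET", "HEAD", "OPTIONS"):
            return True  # safe methods must not change state, so no token needed
        # Layer 1: if the browser sent Origin (or Referer), it must be our site.
        source = headers.get("Origin") or headers.get("Referer")
        if source:
            parsed = urlparse(source)
            if f"{parsed.scheme}://{parsed.netloc}" != self.site_origin:
                return False
        # Layer 2: the token must be present and match the session's token.
        expected = self._tokens.get(session_id)
        supplied = form.get("csrf_token", "")
        if not expected or not supplied:
            return False
        return hmac.compare_digest(expected, supplied)


def demo_csrf():
    """Constructed scenario: a forged transfer from evil.example vs. a real one."""
    guard = CsrfGuard("https://bank.example")
    token = guard.issue_token("sess-1")
    forged = guard.is_valid_request(
        "sess-1", "POST", {"Origin": "https://evil.example"},
        {"to": "attacker", "amount": "1000"})
    legit = guard.is_valid_request(
        "sess-1", "POST", {"Origin": "https://bank.example"},
        {"to": "rent", "amount": "900", "csrf_token": token})
    return forged, legit
```

The CSRF guard ties the token to the session rather than to the user, so a token leaked from one session cannot be replayed in another; the Origin check is kept as an independent layer because it costs nothing and catches the forged request even before the token is inspected.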
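As an added example that is not part of the study guide, the block below turns four of the access control models listed above (DAC, MAC, RBAC and ABAC) into small policy-decision functions that all answer the same question, "may this subject perform this action on this object?", but from different inputs: an owner-managed ACL, system-assigned labels, role permissions, or attributes and environment. The users, labels, roles and the ABAC rule are constructed for illustration; MAC follows the Bell-LaPadula rules (no read up, no write down).

```python
"""Added example (not from the study guide): DAC, MAC, RBAC and ABAC decision
functions over constructed subjects and objects."""
from dataclasses import dataclass, field

# Ordered sensitivity levels for the MAC/multilevel check (constructed).
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str = "public"           # used by MAC
    roles: set = field(default_factory=set)   # used by RBAC
    attrs: dict = field(default_factory=dict)  # used by ABAC


@dataclass
class Obj:
    name: str
    owner: str                          # used by DAC
    label: str = "public"               # used by MAC
    acl: dict = field(default_factory=dict)    # DAC: subject name -> set of actions
    attrs: dict = field(default_factory=dict)  # used by ABAC


def dac_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """DAC: the owner has every right; everyone else has only what the owner granted."""
    if subject.name == obj.owner:
        return True
    return action in obj.acl.get(subject.name, set())


def dac_grant(granter: Subject, obj: Obj, grantee: str, action: str) -> bool:
    """DAC: only the owner may change the ACL, which is what 'discretionary' means."""
    if granter.name != obj.owner:
        return False
    obj.acl.setdefault(grantee, set()).add(action)
    return True


def mac_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """MAC: labels are assigned by the system, not the owner.
    read -> no read up (clearance >= label); write -> no write down (clearance <= label)."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False


# RBAC: permissions are attached to roles, never directly to users (constructed).
ROLE_PERMISSIONS = {
    "teller": {("account", "read")},
    "manager": {("account", "read"), ("account", "write"), ("audit_log", "read")},
}


def rbac_allows(subject: Subject, resource_type: str, action: str) -> bool:
    """RBAC: a subject gets the union of its roles' permissions."""
    return any((resource_type, action) in ROLE_PERMISSIONS.get(r, set())
               for r in subject.roles)


def abac_allows(subject: Subject, obj: Obj, action: str, env: dict) -> bool:
    """ABAC: a policy over subject, object and environment attributes.
    Constructed rule: a clinician may read a record from their own department
    during working hours, or at any time if the request is flagged as an emergency."""
    if action != "read" or subject.attrs.get("job") != "clinician":
        return False
    same_dept = subject.attrs.get("department") == obj.attrs.get("department")
    in_hours = 8 <= env.get("hour", 0) < 18
    return same_dept and (in_hours or env.get("emergency", False))


def demo() -> dict:
    """Run each model over a constructed scenario and return the decisions."""
    alice = Subject("alice", clearance="secret", roles={"manager"},
                    attrs={"job": "clinician", "department": "cardiology"})
    bob = Subject("bob", clearance="confidential", roles={"teller"},
                  attrs={"job": "clinician", "department": "oncology"})
    notes = Obj("alice_notes", owner="alice", label="top_secret",
                attrs={"department": "cardiology"})
    results = {"dac_before_grant": dac_allows(bob, notes, "read")}
    results["dac_grant_by_owner"] = dac_grant(alice, notes, "bob", "read")
    results["dac_after_grant"] = dac_allows(bob, notes, "read")
    results["dac_grant_by_non_owner"] = dac_grant(bob, notes, "carol", "read")
    results["mac_read_up"] = mac_allows(alice, notes, "read")     # secret reading top_secret
    results["mac_write_up"] = mac_allows(alice, notes, "write")   # allowed: no write *down*
    results["rbac_teller_write"] = rbac_allows(bob, "account", "write")
    results["rbac_manager_write"] = rbac_allows(alice, "account", "write")
    results["abac_in_hours"] = abac_allows(alice, notes, "read", {"hour": 10})
    results["abac_night"] = abac_allows(alice, notes, "read", {"hour": 22})
    results["abac_emergency"] = abac_allows(alice, notes, "read", {"hour": 22, "emergency": True})
    results["abac_wrong_dept"] = abac_allows(bob, notes, "read", {"hour": 10})
    return results
```

The contrast worth noticing is in demo(): under DAC the owner alone changes who may read the notes, whereas under MAC the same owner cannot let a "secret" subject read a "top_secret" object at all, because the labels belong to the system rather than to her.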
Document information
- Institution / Course: D430
- Uploaded on: December 11, 2023
- Number of pages: 8
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers