sec + midterm

Flashcards by maxwell3254, updated more than 1 year ago


Flashcards on sec + midterm, created by maxwell3254 on 03/29/2015.

Resource summary

Question Answer
a concept that indicates exposure to the chance of damage or loss Risk
Which algorithm is a hashing encryption algorithm? Secure Hash Algorithm (SHA)
Personal info, company info, and info about intellectual property must be protected Prevention
CIA triad includes: Confidentiality, Integrity, Availability
A system in which objects are assigned security labels of varying levels, depending on the object's sensitivity Mandatory Access Control (MAC)
physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information Tokens
a type of authentication that relies on detailed info that describes exactly when a keyboard key is pressed and released as someone types info into a computer Keystroke Authentication
this algorithm is modeled after MD5 and is considered the stronger of the two Secure Hash Algorithm (SHA)
an email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting files in an attempt to remove a virus Hoax
an increasingly popular variety of malware in which an attacker infects a victim's computer with code that restricts the victim's access to their computer or the data on it Ransomware
a formalized statement that defines how security will be implemented within a particular organization Security Policy
a virus that is able to alter its decryption module each time it infects a new file Polymorphic malware
they attempt to trick or shield themselves from antivirus software and security professionals Armored viruses
an attack that occurs when the security level of a system is at its lowest, immediately after the discovery of a vulnerability Zero day exploit
a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means Denial Of Service (DOS) attack
Data security must be applied at every level of an organization, including: The physical environment; All devices and systems; All mobile devices used for business
refers to gaining access to data through unintentional user methods such as email and instant messaging, and the use of mobile devices Data Leakage
the practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates Patch management
an attacker takes advantage of the trust established between an authorized user of a website and the website itself. It exploits a web browser's trust in a user's unexpired cookies Cross-site request forgery (XSRF)
For relational databases, security measures include: -Role-based security config parameters -Encrypted comms -Access control -User-level permissions for stored procedures
a hardware, firmware, and software component of a computer system that is responsible for ensuring that the security policy is implemented and the system is secure Trusted Computing Base (TCB)
the screen lock option on all mobile devices should be enabled with strict requirements on when the device will be locked Enable screen lock
the process of actively adding geographical identification metadata to an app or its data Restrict geo-tagging
You may need to re-evaluate the openness of certain rooms and systems in order to control for this threat Control for on-board camera, microphone, and video use
a network device that manages the info of any applications that interface with it. This info includes the state of apps and the resources they require to designate resources across the network Application aware device
Organizations can exercise greater control over the privacy and security of their services. This method is geared more toward banking and gov't services that require strict access control Private cloud services
refers to using the cloud to provide access to any or all infrastructure needs a client may have Infrastructure as a Service (IaaS)
self-allocates addresses randomly from a small range of to Automatic Private IP Addressing (APIPA)
-disabling unnecessary services -closing unused ports -regularly applying the appropriate patches -hiding responses from ports that indicate their status and allow access to pre-configured ports only Port Security measures
use the principle of implicit deny so that the firewall blocks any traffic it does not require Implicit Deny
symmetric algorithms DES, 3DES, AES, Blowfish, Twofish, RC 4, 5, 6
any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately Password attack
software attacks that are targeted at web-based and other client-server applications Application attacks
access points on a network that fool users into believing they are legitimate Evil twins
it is important to always consider what is happening inside an organization, especially when physical security is concerned Internal
physical threats that can be internal or external, intentional or accidental Man-Made
an approach to securing systems and their data against attack that incorporates many different avenues of defense is called... Layered security
a cryptoprocessor device that can be attached to servers and comps to provide digital key security. The modules can provide a number of security functions HSM
a password that meets the complexity requirements that are set by a system admin and documented in a security or password policy Strong password
has the monitoring capability of an IDS, but actively works to block any detected threats Intrusion Prevention System (IPS)
a general term for the collected protocols, policies, and hardware that govern access on device network interconnections, provides an additional layer of security Network Access Control (NAC)
a point to point logical network that is created by grouping selected hosts together using a switch or router Virtual Local Area Network (VLAN)
directory access protocol that runs over TCP/IP networks. The schema is extensible, which means you can make changes or add on to it Lightweight Directory Access Protocol (LDAP)
Directory service vulnerabilities: DoS/DDoS; Unencrypted transmission of data; MATM; Packet sniffing/Capture attacks; Buffer overflow; Security or user/admin accounts
a data transport technique that can be used to provide remote access in which a data packet is encrypted and encapsulated in another data packet in order to conceal the info of the packet inside Tunneling
internet protocol combo of PPTP and Layer 2 Forwarding (L2F) that enables the tunneling of PPP sessions across a variety of network protocols Layer Two Tunneling Protocol (L2TP)
an authentication protocol that sends user IDs and passwords as plaintext. Generally used when a remote client is connecting to a non-windows server that does not support strong password encryption Password Authentication Protocol (PAP)
publicly available email security and authentication utility that uses a variation of public key cryptography to encrypt emails. Pretty Good Privacy (PGP)
an area of info security that is used to identify individuals within a comp system or network Identity Management