100

A framework that verifies identities and provides adequate permissions.

Access control

100

Method of cryptography that utilizes a single private key.

Symmetric Cryptography

100

A weakness in a system that can be exploited

Vulnerability

100

A classical cipher that works by changing one character out for another.

Substitution Cipher

100

Produces a fixed length output from any sized input

Hash Function

200

The process of reviewing security controls, policies, and procedures to ensure compliance.

Auditing

200

Type of risk assessment based on the monetary value of assets?

Quantitative Risk Assessment

200

Risk assessment, monitoring, incident response, auditing, and access control are all a part of what?

Security Operations

200

What vulnerability mitigation strategy focuses on relying on third parties to handle risk?

Transfer

200

The risk mitigation strategy that focuses on fixing or eliminating the risk internally.

Reduce

300

A security system that monitors host behavior and prevents malicious attacks.

Host-Intrusion Prevention System

300

An application of cryptography that ensures non-repudiation?

Digital Signature

300

The access control model where the owner determines who can access the resource and what permissions they have?

Discretionary Access Control

300

An employee uses a weak password and falls for a phishing email; identify the risk, threat, and vulnerability.

Risk: unauthorized access

Threat: phishing email

Vulnerability: weak user credentials

300

A cryptanalysis attack where the attacker has access to the decryption algorithm.

Chosen Ciphertext Attack

400

What are the 4 components of access control, and what does each do?

Identification - claiming identity

Authentication - verify identity

Authorization - assign permissions to the identity

Accounting - track identity

400

The standards organization that develops standards for electrical systems, electronics, and industrial systems.

IEC (International Electrotechnical Commission)

400

A type of control that focuses on users and processes rather than computers.

Administrative Control

400

A penetration testing technique where the tester has partial knowledge of the systems.

Gray-box testing

400

A standards organization responsible for the TCP/IP protocol standardization, helping determine how the internet operates.

IETF (Internet Engineering Task Force)

500

In order, what are the 6 steps of Change management?

Request, Impact Assessment, Approval, Building/Testing, Implementation, Monitoring

500

An international university in the US collects student information and credit card data for tutoring payments. What laws or regulations may this university be subject to?

GDPR, FERPA, PCI DSS

500

The key in asymmetric cryptography that is used to decrypt a message?

Private key

500

This type of cryptography scales well in environments with many recipients but suffers when encrypting bulk data.

Asymmetric cryptography

500

What are the 5 types of authentication, with one example for each (+50 per example)?

Knowledge, Ownership, Characteristics, Location, Action
