Overview
User Auth
Access Control
Intro to Crypto
Software Security
100

A loss of what is the unauthorized disclosure of information?

Confidentiality 

100

This is a widely used defense against intruders

Passwords or password system

100

What is the granting of a right or permission to a system entity to access a system resource?

Authorization

100

This is also referred to as single-key encryption

asymmetric 

100

Incorrect handling of program _____ is one of the most common failings in software security

Input

200

Which threat action is one in which sensitive data are directly released to an unauthorized entity?

Exposure 

200

This is the data structure that authoritatively binds an identity & attributes to a token

Credential 

200

What access control is based on comparing security labels with security clearances?

MAC

200

The purpose of what is to produce a fingerprint of a file, message, or block of data?

Hash Function

200

This refers to a wide variety of attacks based on the invalid handling of input data

Injection attacks

300

A what is a threat that, if carried out and successful, leads to an undesirable violation of security, or threat consequence?

attack

300

An institution that issues debit cards to cardholders and is responsible for the cardholder’s account and authorizing transactions is the?

Issuer

300

The analogy of “who you are” + “what you’re doing” + “where/when you’re doing it” + “when you want to access it” is in reference to which access control that we learned about?

Attribute Based

300

Encryption protects against what kind of attacks?

Passive or eavesdropping

300

“Improper Neutralization of Special Elements used in an SQL Command” is in which CWE Top 25 software error category?

Insecure Interaction between components

400

Misappropriation and misuse are attacks that result in what threat consequence?

Usurpation

400

An organization can choose between a range of user authentication technologies based on a degree of what in the identity proofing and authentication processes?

confidence

400

The purpose of access control is to implement a security policy that limits access to whom, given their what?

Authorized Users & Access Type

400

The hash property: given only x, it must be hard to find y such that H(x) = H(y). This is known as?

second Preimage resistant

400

This is when multiple processes and threads compete to gain uncontrolled access to some resource.

Race Conditions

500

Name 3 security principles 

Economy of mech, fail safe defaults, complete mediation, open design, separation of privacy, least common mech, psychological acceptability, Isolation, Encapsulation, Modularity, Layering, least astonishment

500

One of the simplest hardware tokens is a what device?

One time password

500

In RBAC what are the constraints?

Mutually exclusive roles, cardinality, prerequisite roles

500

Protection against active attacks such as falsification is known as what?

Message Authentication

500

What are the categories of software security issues?

Insecure Interaction between components, Risky Resource Management, Porous Defenses
