A form of access control where the resource owner determines who may access the resource.
What is Discretionary Access Control (DAC)?
A device that connects different networks and forwards packets based on IP addresses.
What is a Router?
The secure replacement for HTTP that encrypts web traffic using TLS.
What is HTTPS (or port 443)?
The component of Quantitative Risk Analysis calculated by multiplying the Asset Value (AV) by the Exposure Factor (EF).
What is Single Loss Expectancy (SLE)?
These mandatory "step-by-step" instructions ensure consistent execution of security tasks.
What are Procedures?
Your password or PIN represents this authentication factor.
What is Something You Know (or knowledge)?
This perimeter network hosts public-facing services (like web and mail servers) and is isolated from the internal LAN.
What is the Demilitarized Zone (DMZ)?
The protocol used for secure remote access that typically uses port 22.
What is SSH (Secure Shell)?
This risk response strategy means reducing the likelihood or impact of a risk by implementing controls.
What is Mitigation?
This high-level document defines allowed and forbidden use of organizational resources and systems.
What is the Acceptable Use Policy (AUP)?
This strict, rule-based access control model is often used in government or military settings and assigns classifications to data and users.
What is Mandatory Access Control (MAC)?
A type of firewall that operates at the application layer and protects against attacks like SQLi and XSS.
What is a Web Application Firewall (WAF)?
A service that converts private IP addresses to a public IP address, helping to hide the internal network structure.
What is NAT (Network Address Translation)?
This metric defines the maximum acceptable data loss in an organization after a failure.
What is Recovery Point Objective (RPO)?
The individual or entity that determines the purpose and means of processing personal data under regulations like GDPR.
What is the Data Controller?
An access control model where permissions are tied to job functions or groups rather than specific individuals.
What is Role-Based Access Control (RBAC)?
A process that uses logical segmentation at Layer 2 to limit broadcast domains and lateral movement.
What are VLANs (Virtual Local Area Networks)?
The protocol that uses digital signatures to validate DNS responses, protecting against cache poisoning and spoofing.
What is DNSSEC?
This metric defines the maximum acceptable downtime for a critical system after a disruption.
What is Recovery Time Objective (RTO)?
The legal right of an individual to request that an organization delete their personal data.
What is the Right to be Forgotten?
An access control model that makes decisions based on multiple criteria, such as user location, time of day, and device type.
What is Attribute-Based Access Control (ABAC)?
The core principle of Zero Trust that requires continuous authentication and verification of identity and device posture.
What is Never Trust, Always Verify?
A centralized authentication protocol for network access that uses UDP and secures only the password.
What is RADIUS?
A type of risk analysis that uses subjective estimates like "low," "medium," and "high" instead of numerical values.
What is Qualitative Analysis?
The principle that critical tasks, such as granting access and approving purchases, should require multiple people to prevent fraud or error.
What is Separation of Duties?