In computer security, this term refers to a situation where a security flaw is discovered and attackers exploit it before developers can create a patch.
What is a zero-day vulnerability?
This common type of attack uses a huge volume of traffic to overwhelm a system or network.
What is a Distributed Denial of Service (DDoS) attack?
This basic authentication method requires a user to provide a name and a secret string of characters.
What is Username and Password?
In public-key encryption, this key is made available to everyone.
What is the Public Key?
This defines the high-level goals, rules, and standards in access control.
What are Access control policies?
This principle of the CIA triad ensures that only authorized parties can view the data.
What is Confidentiality?
This type of attack involves an attacker trying to guess or use systematic combinations to break into an account.
What is a Brute Force attack?
This form of authentication requires users to provide two or more verification methods.
What is Two-Factor Authentication (2FA)?
This is the process of converting plaintext into a coded version using a key.
What is Encryption?
This commonly used acronym represents the principle that grants users only the access they need to perform their roles.
What is "Least Privilege"?
This is the practice of ensuring that a system runs with only the necessary access rights.
What is the Principle of Least Privilege?
This type of security threat involves intercepting and relaying messages.
What is Man-in-the-Middle?
This authentication method is based on users' unique physical or behavioral characteristics.
What is Biometric Authentication?
In digital signatures, this key is used to sign the document.
What is the Private Key?
A list of permissions attached to an object is known as this.
What is an Access Control List (ACL)?
This type of security model uses labels (like classified, secret, top secret) to determine access.
What is a Mandatory Access Control (MAC) Model?
This type of attack relies on flaws in the human element of security, rather than technical vulnerabilities.
What is Social Engineering?
When used alone for user authentication, all these techniques are vulnerable.
What are Password-based, Token-based, and Biometric-based?
In public-key encryption, if Bob wants Alice to send him a secret message, he provides her with this.
What is Bob's Public Key?
This type of access control is based on a user's role within an organization.
What is Role-Based Access Control (RBAC)?
This principle involves multiple layers of security, ensuring that if one mechanism fails, another can provide protection.
What is Defense in Depth?
This sophisticated attack involves a series of malicious activities carried out in stages to avoid detection.
What is an Advanced Persistent Threat (APT)?
This cryptographic method provides both authentication and data integrity by producing a fixed-size output from input data of any size.
What is Hashing?
In public-key encryption, anyone can use this to encrypt a message, but only the receiver can decrypt it using their private key.
What is the receiver's public key?
Once authenticated, this process determines what actions, areas, or data the user is permitted to access.
What is Authorization?