A framework that verifies identities and provides adequate permissions.
Access control
Method of cryptography that utilizes a single private key.
Symmetric Cryptography
A weakness in a system that can be exploited
Vulnerability
A classical cipher that works by swapping one character out for another.
Substitution Cipher
Produces a fixed length output from any sized input
Hash Function
The process of reviewing security controls, policies, and procedures to ensure compliance.
Auditing
Type of risk assessment based on the monetary value of assets?
Quantitative Risk assessment
Risk assessment, monitoring, incident response, auditing, and access control are all a part of what?
Security Operations
What vulnerability mitigation strategy focuses on relying on third parties to handle risk?
Transfer
The risk mitigation strategy that focuses on fixing or eliminating the risk internally.
Reduce
A security system that monitors host behavior and prevents malicious attacks.
Host-Intrusion Prevention System
An application of cryptography that ensures nonrepudiation?
Digital Signature
The access control model where the owner determines who can access the resource and what permissions they have?
Discretionary Access Control
An employee uses a weak password and falls for a phishing email; identify the risk, threat, and vulnerability.
Risk: unauthorized access
Threat: phishing email
Vulnerability: weak user credentials
A cryptanalysis attack where the attacker has access to the decryption algorithm.
Chosen Ciphertext Attack
4 Components of Access Control and what they do?
Identification - claiming identity
Authentication - verify identity
Authorization - assign perms to identity
Accounting - track identity
The standards organization that develops standards for electrical systems, electronics, and industrial systems.
IEC (International Electrotechnical Commission)
A type of control that focuses on users and processes rather than computers.
Administrative Control
A penetration testing technique where the tester has partial knowledge of the systems.
Gray-box testing
A standards organization responsible for the TCP/IP protocol standardization, helping determine how the internet operates.
IETF (Internet Engineering Task Force)
In order, what are the 6 steps of Change management?
Request, Impact Assessment, Approval, Building/Testing, Implementation, Monitoring
An international university in the US collects student information and credit card data for tutoring payments. What laws or regulations may this university be subject to?
GDPR, FERPA, PCI DSS
The key in asymmetric cryptography that is used to decrypt a message?
Private key
This type of cryptography scales well in environments with many recipients but suffers when encrypting bulk data.
Asymmetric cryptography.
What are the 5 types of authentication and one example for each (+50 per example)?
Knowledge, Ownership, Characteristics, Location, Action