Maintaining control over your information systems and data is the goal of this discipline.
What is information security?
100
The mechanism by which a person proves their identity to a system.
What is authentication?
100
Disabling unneeded services, taking advantage of an OS's native security features, and installing add-on applications to make a system more secure.
What is hardening a system?
100
This cryptographic operation protects confidentiality (privacy) by making data unreadable without the key.
What is encryption?
100
A requirement that the user provide two or more distinct authentication factors (something they know, have, or are) in order to prove their identity.
What is multi-factor authentication?
200
A weakness in a system that an attacker could exploit to gain unauthorized access.
What is a vulnerability?
200
Determining what an authenticated user is permitted to do.
What is authorization?
200
A social engineering attack, usually by email or messaging, that tries to trick any potential target into handing over credentials or identity information.
What is phishing?
200
This cryptographic operation verifies integrity by producing a fixed-size digest that changes if the data changes.
What is hashing?
200
In PKI, this is the trusted third party that verifies an organization's identity and issues and signs its certificates.
What is a Certificate Authority (CA)?
300
ARO (annualized rate of occurrence) × SLE (single loss expectancy) = ALE
What is the formula for annualized loss expectancy, used in quantitative risk analysis?
300
Recording what users do and attempt to do on a system (the third "A" of AAA, alongside authentication and authorization).
What is accounting?
300
Supplying crafted input to a web application so that it is interpreted as part of a database query, gaining unauthorized access to the underlying database.
What is a SQL injection?
300
SHA-2, MD5, HMAC, and HAVAL are examples of this type of algorithm (HMAC is strictly a keyed construction built on one; MD5 and HAVAL are no longer collision-resistant and should not be relied on).
What are hashing algorithms?
300
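As an added example covering both the hashing clue above and the list of hashing algorithms (not part of the original quiz), the following Python code checks a file's integrity with SHA-256, verifies a sha256sum-style manifest, and then shows the caveat a practitioner cares about: a plain digest only detects tampering if the attacker cannot also rewrite the digest, whereas an HMAC with a secret key cannot be forged without that key. The config contents, manifest, key and function names (`integrity_ok`, `check_manifest`, `hmac_tag`, `authenticated_integrity_ok`) are constructed for this illustration.

```python
import hashlib
import hmac
from typing import Dict

# Constructed sample data: a config file and a tampered copy of it.
ORIGINAL = b"listen=443\nallow_root_login=no\n"
TAMPERED = b"listen=443\nallow_root_login=yes\n"
DEMO_KEY = b"constructed-demo-key"   # assumption: held only by the verifier


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, published_digest: str) -> bool:
    """Plain hash check: detects any change to the data, provided the digest
    itself came over a trusted channel the attacker cannot write to."""
    return hmac.compare_digest(sha256_hex(data), published_digest)


def check_manifest(manifest: str, files: Dict[str, bytes]) -> Dict[str, bool]:
    """Verify a sha256sum-style manifest ('<hex digest>  <name>' per line)
    against in-memory file contents. Missing files count as failures."""
    results: Dict[str, bool] = {}
    for line in manifest.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(maxsplit=1)
        data = files.get(name)
        results[name] = data is not None and integrity_ok(data, digest)
    return results


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed digest, so producing a valid tag needs the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authenticated_integrity_ok(key: bytes, data: bytes, tag: str) -> bool:
    """An attacker who can modify both data and tag still fails unless they
    hold the key, which a plain hash check cannot guarantee."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


if __name__ == "__main__":
    digest = sha256_hex(ORIGINAL)
    print("untouched file passes:", integrity_ok(ORIGINAL, digest))
    print("tampered file fails:  ", integrity_ok(TAMPERED, digest))
    # Attacker rewrites the digest alongside the file: plain hash is fooled.
    print("recomputed digest passes:", integrity_ok(TAMPERED, sha256_hex(TAMPERED)))
    tag = hmac_tag(DEMO_KEY, ORIGINAL)
    print("forged tag without key fails:",
          authenticated_integrity_ok(DEMO_KEY, TAMPERED, hmac_tag(b"guess", TAMPERED)))
```

The same distinction is why download pages that publish only an MD5 or SHA-256 next to the file add little against an attacker who controls the page; a signature or HMAC from a key the attacker lacks is what turns an integrity check into an authenticity check.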
Background checks are an example of this kind of control.
What are management controls?
400
Giving users only the access they need to do their job, so that a compromised or misused account cannot act beyond that scope.
What is the principle of least privilege?
400
A network authentication protocol in which principals prove their identity to other entities using tickets; it relies on a Key Distribution Center (KDC) and a ticket-granting ticket (TGT).
What is Kerberos?
400
In this attack, an attacker supplies more data to a process than the receiving buffer can hold; the excess overwrites adjacent memory (such as a saved return address), and can redirect execution to attacker-chosen code that then runs with the privileges of the vulnerable process.
What is a buffer overflow attack?
400
AES, DES, Blowfish, and RC4 are examples of this type of algorithm (DES and RC4 are obsolete and should not be used in new systems).
What are symmetric encryption algorithms?
400
Firewall filters are an example of this kind of control.
What are technical controls?
500
Security controls can be classified into these three categories.
What are technical, management, and operational controls?
500
A protocol that enables clients to look up and modify entries in a directory service.
What is LDAP?
500
A form of spear phishing that targets specific high-value individuals, such as executives, with messages tailored to their needs and interests.
What is whaling?
500
The theory of transitive trust (if A trusts B and B trusts C, then A can trust C) is a critical principle that lies behind this key-distribution method.
What is a public key infrastructure (PKI)?
500
In this authorization model, access is granted solely on a set of rules.