What are the components of the CIA triad?
Confidentiality, Integrity, Availability
Give an example of Device Hardening
Antivirus, patching, enabling passwords, disabling unused features, etc.
What is Least Privilege? What is Implicit Deny?
Least Privilege: Assign as few rights and permissions as possible
Implicit Deny: Access Controls should deny access by default
What is Metadata?
data we use in the background
What is bloatware?
pre-installed software you do not utilize
Give an example of Social Engineering and explain what it means
Authority, Intimidation, Consensus, Scarcity, Familiarity, Urgency
What is an infection vector?
The route the virus takes to infect your device
Who decides access in Discretionary Access Control settings?
The owner of the company
What are the triple A's?
Authentication, Authorization, Accounting
What is the difference between symmetric and asymmetric encryption?
symmetric uses one key (faster), asymmetric uses two keys
Man in the middle is a problem with which component of the CIA triad?
Integrity
What is heuristics?
Knowledge and analysis of virus-like behavior
Give an example of non-repudiation
video surveillance, biometrics, signature, receipt
What is Replay? (Hint: it is a threat to integrity)
when a person captures your response in an attempt to gain access
What is a VPN?
A virtual private network is an encrypted tunnel to send things securely
Describe Shoulder Surfing and Dumpster Diving
Shoulder Surfing: Looking over someone's shoulder to capture their PIN/password
Dumpster Diving: Going into someone's trash to find any documents with PII
What is the simplest way to protect your company from a social engineering attack?
User education
Give an example of Multifactor Sign-in
could be a combination of something you know, something you have, something you are, and somewhere you are
If your computer has a virus, what should be your first step to prevent spread to other devices?
Disconnect from the network (quarantine)
What is an example of a dictionary approach and a brute force approach when password cracking?
dictionary approach tries to use everyday words/names in your password, brute force is any combination of letters/numbers/symbols
What does UPS stand for and what component of the CIA triad is it connected to?
Universal Power Supply, Availability
Describe Phishing, Whaling, Spear Phishing, Pharming, and Vishing
Phishing: email messages that try to trick the recipient into visiting a fake website to steal their credentials.
Whaling: emails directed towards higher-up people in the company
Spear Phishing: when the email uses the specific recipient's name and email
Pharming: attacks that redirect traffic to a different website IP
Vishing: Uses the phone
What is a hardware token, what is a software token?
hardware token: smart card or key fob, one time password token generator
software token: stored on a computer or smartphone
The teachers at PPCHS all have access to Canvas, Kahoot, and Focus. What Authorization Access Model is this an example of?
Role Based Access Control
Describe RAID 0, RAID 1, and RAID 5
RAID 0 is Striping, RAID 1 is Mirroring, RAID 5 is Striping with mirroring