Access Controls
What are the 4 elements of Access Control?
Identification, Authentication, Authorization, Accountability
An algorithm that encrypts or decrypts data.
Cipher
The US standards organization whos purpose is to develop cybersecurity standards, guidelines, and best practices to improve information security.
NIST (National Institute of Standards and Technology)
The process of ensuring computer environments and security controls are working as expected.
Auditing
What terms is the actions of the security administration to plan, design, implement, and monitor an organizations environment.
Security Operations
The access control method where the resource owner decides who can access the resource.
Discretionary Access Control
A cryptographic function that maps an input of any size to a unique, fixed, irreversible output.
Hash Function
What standard protects credit card and payment data?
Payment Card Industry Data Security Standard (PCI DSS)
What are setting baselines, alarms, CCTVs, and honeypots techniques for?
Monitoring
The iterative method of software development focused on short-term sprints.
Agile development
The access control method where the resource owner determines the sensitivity level of the resource and a central system determines who and when it can be accessed.
Mandatory Access Control
A function of cryptography that prevents an entity from denying an action.
Nonrepudiation
What are 3 requirements of the Family Educational Rights and Privacy Act (FERPA)? (1OO/ans)
1. Control access to student records
2. Allow students to review and correct records
3. Require consent before disclosure
This security tool monitors hosts and stops malicious activity when detected.
HIPS (Host-based Intrustion Prevention System)
An advanced SIEM utilized by the SOC. (x2 for the acronym)
SOAR
The authentication technology that allows a single authentication event to provide access to multilple services.
Single Sign On (SSO)
In Asymmetric cryptography, what is the key used for both digitally signing a message as well as decrypting a message.
Private key
What regulation requires personal data and privacy protection of EU citizens?
General Data Protection Regulation (GDPR)
The testing method where the penetration tester knows all information about the environment.
White box testing
Name 4 operations the Security Administartion may be responsible for?
Access Control, Documentation, IT Security Policies, Disaster Assessment & Recovery, Security Outsourcing, Compliance, Data Classification
What are the 5 general methods of Authentication? (100/ans)
Authentication by:
Knowledge, Ownership, Characteristics, Actions, Location
A method of secure key exchange that utilizes both symmetric and asymmetric cryptography.
Diffie-Hellman Key Exchange
What standard dual created by ISO and IEC provides the best practice implementation of selecting, implementing, and managing InfoSec controls.
ISO/IEC 27002
What are five network mapping methods? (100/ans)
1. Ping Sweeps – Identify live hosts
2. Port Scanning – Identify open ports/services
3. Service Enumeration – Determine versions/services
4. System Fingerprinting – Determine the OS of systems
5. Topology Mapping – Understand network layout
What are the 5 steps of change management?
Request > Impact Assessment > Approval > Building/Testing > Implementation