Security + flashcards

What are the four categories of security controls

Administrative controls, Technical controls, Physical controls, and Operational controls

What are examples of technical security controls

Firewalls, encryption, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and antivirus software

What are administrative security controls

Policies, procedures, Incident Response Plans (IRP), Business Continuity Plans (BCP), and data classification

What are physical security controls

Fences, cameras, gates, and guards

What are operational security controls

Controls performed by people that support and implement other security controls

What are the security control types by purpose

Preventive, deterrent, detective, corrective, compensating, recovery, and directive

What are preventive controls

Controls designed to stop security incidents before they occur

What are examples of preventive controls

Encryption, application filtering, and access control systems

What are deterrent controls

Controls intended to discourage attackers

What are examples of deterrent controls

Warning signs, cameras, and guards

What are detective controls

Controls that identify and record security events

What are examples of detective controls

Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), and cameras

What are corrective controls

Controls that remediate issues after detection

What are examples of corrective controls

Backup and restore processes, Incident Response Plans (IRP), and Disaster Recovery Plans (DRP)

What are compensating controls

Alternative controls used when primary controls cannot be implemented

What are examples of compensating controls

Network segmentation and virtualization

What are recovery controls

Controls that restore systems and operations after an incident

What are examples of recovery controls

Backups, Disaster Recovery Plans (DRP), and Business Continuity Plans (BCP)

What are directive controls

Controls that direct user behavior

What are examples of directive controls

Acceptable Use Policy (AUP), password policy, and data classification policy

What is the CIA triad

Confidentiality, Integrity, and Availability

What is confidentiality

Ensuring data is accessible only to authorized users

What is integrity

Ensuring data remains accurate and unaltered during storage and transmission

What is availability

Ensuring authorized users have reliable and timely access to systems and data

What concepts support the CIA triad

Non repudiation, authenticity, accountability, and principle of least privilege

What is non repudiation

Ensuring users cannot deny actions they performed

What is authenticity

Verifying the legitimacy of users devices and data

What is accountability

Tracking and logging actions so users can be held responsible

What is the principle of least privilege

Granting only the minimum access necessary to perform job functions

What is authentication

The process of verifying the identity of a user or system

What are authentication factors

Something you know, something you have, something you are, somewhere you are, and something you do

What is authorization

Granting permissions to authenticated users

What is DAC

Discretionary Access Control where data owners determine access permissions

What is MAC

Mandatory Access Control where a central authority enforces access using security labels

What is RBAC

Role Based Access Control where permissions are assigned based on job roles

What is rule based access control

Access decisions made using predefined rules and conditions

What is AAA

Authentication Authorization and Accounting

What is authentication in AAA

Verifying the identity of a user or system

What is authorization in AAA

Granting or denying access permissions

What is accounting in AAA

Tracking and recording user activity for auditing and monitoring

What is RADIUS

Remote Authentication Dial In User Service

What is RADIUS used for

Centralized authentication authorization and accounting for network access

What ports does RADIUS use

UDP port 1812 for authentication and UDP port 1813 for accounting

What is 802.1X

A port based network access control standard

What is the purpose of 802.1X

To prevent unauthorized devices from accessing a network

What are the three components of 802.1X

Supplicant, Authenticator, and Authentication Server

What is a supplicant

The device attempting to connect to the network

What is an authenticator

The network device controlling access such as a switch or wireless access point

What is the authentication server

A server that validates credentials such as a RADIUS server

What is EAP

Extensible Authentication Protocol used to support multiple authentication methods

What is EAP used for

Providing flexible authentication methods within 802.1X

What authentication methods does EAP support

Passwords digital certificates tokens and biometrics

What is PEAP

Protected Extensible Authentication Protocol that uses an encrypted tunnel

What is EAP TLS

An EAP method that uses digital certificates for mutual authentication

What happens if 802.1X authentication fails

The port remains disabled and network access is denied

What happens if 802.1X authentication succeeds

The port is enabled and network access is granted

What is malware

Malicious software designed to damage disrupt or gain unauthorized access to systems

What are common types of malware

Virus worm trojan ransomware spyware rootkit and bot

What is a virus

Malware that attaches to legitimate files and requires user action to spread

What is a worm

Malware that self propagates without user interaction

What is a trojan

Malware disguised as legitimate software

What is ransomware

Malware that encrypts data and demands payment for decryption

What is spyware

Malware that secretly monitors user activity

What is a rootkit

Malware that provides persistent privileged access while hiding its presence

What is a bot

A compromised system controlled remotely as part of a botnet

What is a botnet

A network of compromised systems controlled by an attacker

What is a logic bomb

Malicious code triggered by a specific condition

What is fileless malware

Malware that runs in memory without writing to disk

What is a backdoor

A hidden method to bypass authentication

What are indicators of malware infection

Slow performance crashes pop ups unexpected network traffic

What is social engineering

Manipulating people into revealing information or performing actions

What is phishing

Deceptive messages designed to steal credentials or data

What is spear phishing

Targeted phishing aimed at a specific individual or organization

What is whaling

Phishing attacks targeting executives or high value individuals

What is vishing

Voice based phishing using phone calls

What is smishing

SMS based phishing using text messages

What is business email compromise (BEC)

Fraud using compromised or spoofed business email accounts

What is pretexting

Creating a fabricated scenario to obtain information

What is tailgating

Gaining physical access by following an authorized person

What is shoulder surfing

Observing someone enter credentials

What is threat actor

An individual or group that poses a security risk

What are common threat actor types

Script kiddie hacktivist insider organized crime and nation state

What is a script kiddie

An inexperienced attacker using existing tools

What is a hacktivist

An attacker motivated by political or social causes

What is an insider threat

A trusted individual who misuses access

What is an advanced persistent threat (APT)

A sophisticated long term attack often by nation states

What is attack surface

All possible points where an attacker can enter a system

What is attack vector

The path used to gain unauthorized access

What is a vulnerability

A weakness that can be exploited

What is a threat

A potential cause of harm

What is risk

The likelihood and impact of a threat exploiting a vulnerability

What is brute force attack

Repeated attempts to guess credentials

What is password spraying

Trying common passwords against many accounts

What is credential stuffing

Using leaked credentials from other breaches

What is dictionary attack

Using predefined word lists to guess passwords

What is denial of service (DoS)

An attack that disrupts availability

What is distributed denial of service (DDoS)

A DoS attack launched from multiple systems

What is on path attack

Intercepting traffic between communicating parties

What is man in the middle (MITM)

An attacker secretly intercepts and alters communications

What is replay attack

Capturing and reusing valid authentication data