This set of flashcards covers key concepts and terminology related to Cyber Security, including security controls, the CIA triad, digital signatures, change management, and various encryption methods.
What are the four categories of security controls in Cyber Security?
Technical, Managerial, Operational, Physical.
What does the Preventive control type do?
Stops attacks before they happen.
What is the CIA Triad?
Confidentiality, Integrity, Availability.
What is the purpose of multi-factor authentication?
To provide extra proof before granting access.
What does nonrepudiation guarantee?
That the sender cannot deny sending the message.
What is a digital signature?
A hash that is encrypted with the sender's private key.
What are the three components of the AAA Framework?
Authentication, Authorization, Accounting.
What is the difference between a Public Key and a Private Key?
Public key is shared with everyone; Private key is kept secret by the owner.
What does Gap Analysis compare?
The current state with the baseline.
What is Zero Trust Architecture based on?
Nothing is trusted, everything must be verified every time.
What does the Policy Enforcement Point (PEP) do in Zero Trust?
Gathers info and enforces decisions regarding access.
What is a honeypot?
A fake system designed to attract attackers to study their techniques.
What is the main purpose of change control?
To maintain uptime and availability, and ensure everyone is informed.
What does a digital certificate contain?
A public key and a digital signature.
What is the difference between hashing and encryption?
Hashing is a one-way function while encryption can be reversed with the key.
What is Blockchain technology?
A distributed ledger that is tamper-resistant and provides integrity through hashing.
What does the Certificate Authority (CA) do?
Signs digital certificates and provides trust.
What are the two types of encryption keys in asymmetric encryption?
Public key for encryption and private key for decryption.
What is the purpose of tokenization?
To replace sensitive data with a meaningless token that has no mathematical relationship to the original.
What is the use of a backout plan in change management?
To document steps to revert specific changes if something goes wrong.
What is key management in a security context?
Centralized control of all cryptographic keys.
What does OCSP provide in relation to digital certificates?
Real-time certificate status checking.
What is the purpose of salting in password storage?
To ensure different hashes for the same password by adding random data.
What is a honeyfile?
A fake file that looks valuable and triggers an alert when accessed.