1.2 Summarize fundamental security concepts
Studied by 1 person
Knowt Play
Learn
Practice Test
Spaced Repetition
Match
Flashcards1/12
Earn XP
Description and Tags
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
13 Terms
What do each of the letters represent in “CIA”?
The letters stand for Confidentiality, Integrity and Availability.
What does Confidentiality do in the CIA Triad?
This is used to protect information from unauthorized access ensuring that sensitive data is accessible only to those who have the right to view it by using either encryption and/or access controls.
What does Integrity do in the CIA Triad?
This is used to ensure that the data in transit has not been modified in any way when reaching it’s destination. There are several ways this is done which includes, hashing, digital signatures and certificates.
What does Availability do in the CIA Triad?
This is used to ensure that the data is always available to authorized users. This can be achieved by using Redundancy, fault tolerance and patching.
What is non-repudiation?
This is a security service that ensures a party cannot deny the authenticity of their signature on a document or the sending of a message. This is done by using “Proof of Origin” and “Proof of Integrity”. An example would be a digital certificate signed by you.
What does the AAA framework stand for?
Authentication, Authorization and Accounting. Authentication is used to prove you are who you are. Authorization is allowing you only to see certain resources based on your account. Accounting refers to log times and the resources used.
What is a gap analysis?
A gap analysis is a comparison of where your current security standards are to where you want to be. This can take several weeks or months to get where you want to be.
What is zero trust?
This is defined as you still need to verify who you are even once inside the network. Any change you make has to be verified.
What are the 2 planes of operation?
The 2 planes are the data plane and control plane.
What does the Data plane do?
This plane actually performs the security process. This may include processing frames, packets, trunking and encyrption.
What does the Control plane do?
This plane manages the actions of the data plane. It basically defines the rules and policies. An example is how the packets and/or frames are forwarded across a network.
Match the term with the appropriate definition.
Terms: Infrared, Microwave, Ultrasonic, Pressure
Definition:
These detect movement across large areas.
This detects a change in force. These kind of sensors are usually found in floor and window sensors.
Send signals and receive reflected sound waves. These can detect motion and collision detection.
This detects movement in both light and dark environments and are mostly common in motion detectors.
Infrared: This detects movement in both light and dark environments and are mostly common in motion detectors.
Pressure: This detects a change in force. These kind of sensors are usually found in floor and window sensors.
Microwave: These detect movement across large areas.
Ultrasonic: Send signals and receive reflected sound waves. These can detect motion and collision detection.
Match the terms with their definition:
Term: Honeypot, Honeynet, Honeyfile, Honeytoken
Definition:
This device attracts attackers and traps them there to observe how they are trying to infiltrate a system. This is usually a virtual environment that is isolated from the real network.
This is usually a more realistic environment that involves a lot more devices than just a single device that can include workstations, servers, routers and more.
These are files that have fake information or make it seem like they have important information.
This is traceable data to the honeynet. If it’s stolen, you’ll know where it came from.
Honeypot: This device attracts attackers and traps them there to observe how they are trying to infiltrate a system. This is usually a virtual environment that is isolated from the real network.
Honeynet: This is usually a more realistic environment that involves a lot more devices than just a single device that can include workstations, servers, routers and more.
Honeyfile: These are files that have fake information or make it seem like they have important information
Honeytoken: This is traceable data to the honeynet. If it’s stolen, you’ll know where it came from.