Security Principles and Cryptography

Flashcards covering key concepts related to security principles, cryptography, and various technical processes.

Last updated 1:45 PM on 4/28/26

30 Terms

1

KISS Principle (Economy of Mechanism)

Security mechanisms should be as simple and small as possible.

2

Open Design

The principle that security software code is made public for review.

3

Data sent over HTTP

Plaintext.

4

In cryptography, what do algorithms and keys represent?

Algorithms = process, Keys = secret values.

5

Caesar cipher

An example of symmetric encryption.

6

False statement about Symmetric encryption

Uses public and private key pair.

7

Asymmetric keys

If the public key encrypts, then only the private key decrypts.

8

Cryptanalysis

Breaking encrypted data without the key by studying patterns.

9

Correct statement about hashing

One-way, not reversible.

10

False statement about hashing

Users directly see and use hashing.

11

Comparison of hashing vs encryption

Encryption is reversible, hashing is one-way.

12

Password storage in a database

Salt + hashed password.

13

Randomness in systems

Uses entropy from unpredictable sources.

14

Appropriate hashing algorithm for password storage

Slow hashing.

15

Least access account if compromised

Standard user.

16

Windows Time service account

Local Service.

17

Reason DHCP Client runs under Network Service

Needs network access but limited privileges.

18

Internal OS identification of logged-in user

SID (Security Identifier).

19

Difference between program and process

Process = running program, Program = file.

20

Ensures Chrome & Word run without interference

Process Isolation.

21

Code sent by attacker to trigger a flaw

Exploit.

22

Type of exploit for gaining admin access from normal user

Privilege escalation.

23

Vulnerability type used by Stuxnet

Zero-day vulnerability.

24

Reason Khalil did not receive Facebook bug bounty

Broke disclosure rules.

25

CVE identifier

A unique identifier assigned to a confirmed vulnerability.

26

High CVSS score means actively exploited

False.

27

Process existence without a program

True.

28

Using salt with hashing ensures identical hashes for identical passwords

False.

29

Speed comparison of symmetric vs asymmetric encryption

Symmetric encryption is faster.

30

Killing a process effect on the program

Killing a process does not necessarily remove the program from the system.