Section 16: Logical Security

What is logical security? - Measures that protect digital access to systems and data, such as passwords, ACLs, and encryption.

What is an ACL (Access Control List)? - A set of rules that allow or deny network traffic based on IP, MAC, or port numbers.

What is the principle of least privilege? - Users should be given only the minimum level of access needed to perform their tasks.

What are the three main components of IAM (Identity and Access Management)? - Identification, Authentication, Authorization.

What is 802.1X used for? - Port-based network access control that uses RADIUS or EAP for authentication.

What is the difference between DAC and MAC? - DAC (Discretionary Access Control) allows owners to set permissions, while MAC (Mandatory Access Control) enforces security labels system-wide.

What are the three main factors in Multifactor Authentication (MFA)? - Something You Know (password), Something You Have (smart card), Something You Are (biometrics).

What is TOTP? - Time-Based One-Time Password, a temporary code that changes every 30-60 seconds (e.g., Google Authenticator).

How does a push notification MFA work? - Instead of entering a code, the user receives a push alert on their device to approve or deny access.

How does SAML work? - Security Assertion Markup Language enables single sign-on (SSO) by authenticating users across multiple services.

What is OAuth used for? - Allows secure third-party access to resources without sharing passwords (e.g., "Sign in with Google").

What is the CIA Triad? - Confidentiality, Integrity, Availability – the three core principles of cybersecurity.

What is defense in depth? - A layered security approach using multiple security controls to protect a system.

What is symmetric encryption? - Encryption that uses one key for both encryption and decryption (e.g., AES).

What is asymmetric encryption? - Encryption that uses two keys: a public key to encrypt and a private key to decrypt (e.g., RSA).

What is IPSec Transport Mode? - Encrypts only the payload of the packet; used for host-to-host communication.

What is IPSec Tunnel Mode? - Encrypts the entire IP packet, commonly used in VPNs.

What does ESP (Encapsulating Security Payload) do in IPSec? - Provides encryption, integrity, and authentication.

What is IKE (Internet Key Exchange)? - A protocol that automates the setup of secure IPSec connections.

What is Public Key Infrastructure (PKI)? - A framework that manages encryption keys and digital certificates for secure communication.

What is a Certificate Authority (CA)? - A trusted entity that issues and verifies digital certificates.

What is a Certificate Revocation List (CRL)? - A list of revoked digital certificates that are no longer trusted.

What is the purpose of a digital certificate? - To verify the identity of websites, individuals, or organizations using public-key cryptography.

What is an SSL/TLS certificate? - A digital certificate that secures websites using HTTPS encryption.

What is key management? - The process of generating, storing, distributing, and revoking encryption keys securely.

What is key escrow? - A security measure where a trusted third party holds encryption keys in case they need to be recovered.

What is Perfect Forward Secrecy (PFS)? - Ensures that compromising one encryption key does not affect past or future sessions.

What is VLAN hopping? - A network attack where an attacker gains access to unauthorized VLANs by exploiting misconfigured trunking or double tagging.

What is a MAC flooding attack? - An attack where a switch’s MAC address table is overwhelmed, forcing it to act like a hub and send traffic to all ports.

What is an ARP spoofing attack? - An attack where an attacker sends fake ARP replies, tricking devices into sending traffic to the attacker’s machine.

What is a DNS poisoning attack? - An attack that corrupts DNS cache, redirecting users to malicious sites.

What is an on-path attack (formerly MITM - Man-in-the-Middle)? - An attack where an attacker intercepts and alters communication between two parties without their knowledge.

What is a rogue access point? - An unauthorized Wi-Fi access point that can be used for attacks like eavesdropping.

What is a honeypot? - A security tool designed to lure attackers and study their behavior.

What is a DoS attack? - A Denial of Service attack that overwhelms a system, making it unavailable to legitimate users.

What is a DDoS attack? - A Distributed Denial of Service attack that uses multiple devices (often bots) to overload a system.

What is social engineering? - A tactic where attackers manipulate people into giving up confidential information (e.g., phishing, pretexting).

What is phishing? - A fraudulent attempt to trick users into providing sensitive information via fake emails or websites.

What is malware? - Malicious software designed to damage, steal data, or disrupt systems (e.g., viruses, ransomware, spyware).

What is risk management? - The process of identifying, assessing, and mitigating security risks to protect assets.

What is a security risk assessment? - A process of evaluating security risks and determining how to address them.

What is PCI DSS? - Payment Card Industry Data Security Standard, a security standard for companies handling credit card transactions.

What is GDPR? - General Data Protection Regulation, a European data privacy law that requires businesses to protect personal data.