Questions and Answers
What is the primary goal of confidentiality in information security?
- Ensuring that information is not revealed to unauthorized persons (correct)
- Denying access to information and resources
- Detecting any modification of data
- Ensuring that data is accessible to all users
What is the formula to calculate risk in information security?
- Risk = Threat x Vulnerabilities (correct)
- Risk = Threat ÷ Vulnerabilities
- Risk = Threat + Vulnerabilities
- Risk = Threat - Vulnerabilities
What is the primary purpose of a firewall in information security?
- To encrypt data transmission
- To control incoming and outgoing network traffic (correct)
- To provide virtual private network access
- To detect and prevent malware attacks
What is the key difference between symmetric and asymmetric key cryptography?
What is the primary focus of security in information security?
What is the reason why it's impossible to totally eliminate risk in information security?
What is an example of a passive attack?
What is the primary goal of a reconnaissance attack?
What is the term for the ability of someone or something to influence the behavior of a group of people?
What type of attack involves someone from the inside, such as a disgruntled employee, attacking the network?
What is the term for a fake web page that looks exactly like a popular website, used to persuade users to enter sensitive information?
What is the term for a hacker taking over a session between two individuals and disconnecting the other individual from the communication?
What is the primary goal of a scanning attack?
What is the term for activities undertaken by a hacker to extend their misuse of the system without being detected?
Study Notes
Information Security Goals
- Confidentiality: ensuring that information is not revealed to unauthorized persons
- Integrity: ensuring consistency of data and detecting any modifications
- Availability: ensuring that legitimate users have access to information and resources
- Security is a shared responsibility that each person must accept when connecting to a network
Risks and Threats
- Risk = Threat x Vulnerability
- Vulnerability: degree of weakness found in every network and device
- Threat: a person, thing, event, or idea that poses danger to an asset's confidentiality, integrity, availability, or legitimate use
- It's impossible to totally eliminate risk, and there is no simple solution to securing information
Attack and Attack Types
- Attack: any attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to an asset
- Passive Attack: difficult to detect, involves capturing and attempting to decrypt packets from a network
- Active Attack: easier to detect, involves actively sending traffic to access information or modify data
- Malicious Hacker Methods:
  - Reconnaissance: gathering information about a target system
  - Scanning: scanning a network with gathered information
  - Gaining Access: exploiting a system
  - Maintaining Access: retaining ownership of a system
  - Covering Tracks: undertaking activities to remain undetected
Social Engineering
- Phishing Attack: creating a fake website to persuade users to enter sensitive information
- Hijack Attack: taking over a session between two parties and disconnecting one party
- Insider Attack: an attack from within, such as a disgruntled employee attacking the network
Security Defenses
- Firewalls: static and dynamic
- IDS/IPS
- VPN
- Proxy
- Next-generation Firewalls
- Encryption:
  - Symmetric Key Cryptography
  - Asymmetric Key Cryptography
- Digital Signatures/Digital Certificates