Security Vocabulary and Acronyms
38 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What does the 'C' in the CIA triad represent in the context of security?

  • Compliance
  • Control
  • Clarity
  • Confidentiality (correct)
  • Which protocol is recommended for secure data transmission over a network?

  • Telnet
  • HTTPS (correct)
  • HTTP
  • FTP
  • What can be considered a vulnerability in a security context?

  • A well-trained employee
  • A user with a strong password
  • A routinely updated system
  • An unencrypted protocol (correct)
  • In the context of data, what does 'data at rest' refer to?

    <p>Data stored on a device or cloud storage</p> Signup and view all the answers

    Which factor is NOT a typical example of a vulnerability?

    <p>Current operating system updates</p> Signup and view all the answers

    Which of the following is NOT a method to ensure confidentiality?

    <p>Using TFTP over a public network</p> Signup and view all the answers

    What is an exploit in the context of vulnerabilities?

    <p>A method that takes advantage of a vulnerability</p> Signup and view all the answers

    What is the purpose of using a secure flavor of FTP?

    <p>To ensure data confidentiality during transfer</p> Signup and view all the answers

    Which statement accurately describes 'data in motion'?

    <p>Data being sent from one device to another over a network</p> Signup and view all the answers

    What is the primary goal of implementing controls in a security framework?

    <p>To lower the risk of successful exploits</p> Signup and view all the answers

    Which of the following best describes a threat actor?

    <p>An entity leveraging an exploit</p> Signup and view all the answers

    Which of the following protocols is preferred for secure file transfer?

    <p>SCP</p> Signup and view all the answers

    Which of the following is NOT considered a type of control in a security strategy?

    <p>Preventative controls</p> Signup and view all the answers

    What role do simple passwords play in security vulnerabilities?

    <p>They increase the risk of unauthorized access</p> Signup and view all the answers

    What is a common characteristic of protocols that ensure confidentiality?

    <p>They encrypt the data during transfer</p> Signup and view all the answers

    In the AAA framework, what does the concept of accounting refer to?

    <p>Auditing actions and access within the system</p> Signup and view all the answers

    Which option is a consequence of using an older version of a protocol?

    <p>Increased vulnerability to eavesdropping</p> Signup and view all the answers

    What might an attacker use to exploit a vulnerability related to users?

    <p>A phishing email</p> Signup and view all the answers

    Which component of the AAA model determines what a user can do after authentication?

    <p>Authorization</p> Signup and view all the answers

    What is a critical advantage of identifying key assets within a security framework?

    <p>It allows focus on high-profile attack vectors</p> Signup and view all the answers

    How does weak password policy contribute to security breaches?

    <p>Promotes the use of simple, easily guessable passwords</p> Signup and view all the answers

    When calculating how much to spend on controls, what is a key consideration mentioned?

    <p>The potential cost of loss due to breaches</p> Signup and view all the answers

    In the security context, what does risk typically refer to?

    <p>The potential for assets to be compromised</p> Signup and view all the answers

    Which of the following exemplifies a user's vulnerability?

    <p>Falling for a social engineering attack</p> Signup and view all the answers

    What mindset is suggested as a good starting point for deploying a new network securely?

    <p>Zero trust</p> Signup and view all the answers

    What type of loss can result from a successful exploit besides monetary loss?

    <p>Reputational damage</p> Signup and view all the answers

    Which aspect of a vulnerability is considered when evaluating the likelihood of a successful exploit?

    <p>The sophistication of potential attacks</p> Signup and view all the answers

    What term is used to describe the process of confirming a person's identity before granting access to a network?

    <p>Authentication</p> Signup and view all the answers

    What is the primary function of encryption in a VPN tunnel?

    <p>Provide confidentiality for the data being sent.</p> Signup and view all the answers

    What does integrity imply in the context of cybersecurity?

    <p>Data has not been altered by unauthorized sources.</p> Signup and view all the answers

    Which method is commonly used to verify the integrity of a downloaded file?

    <p>Using a checksum or hash value comparison.</p> Signup and view all the answers

    What role does availability play in cybersecurity?

    <p>It ensures authorized users can access data when needed.</p> Signup and view all the answers

    Which of the following is NOT a method to improve availability?

    <p>Encrypting all data files.</p> Signup and view all the answers

    What does the acronym CIA stand for in cybersecurity?

    <p>Confidentiality, Integrity, Availability.</p> Signup and view all the answers

    Which setup design helps maintain availability by allowing backup devices to take over if one fails?

    <p>Active-Active configuration.</p> Signup and view all the answers

    What is a common result of an integrity failure in downloaded files?

    <p>Data contains unauthorized modifications or malware.</p> Signup and view all the answers

    What is a characteristic of fault tolerance in data management?

    <p>It allows systems to continue operating in the event of a failure.</p> Signup and view all the answers

    Which of the following is an example of a method to enhance data availability?

    <p>Deploying a first-hop redundancy protocol (FHRP).</p> Signup and view all the answers

    Study Notes

    CIA Triad

    • CIA stands for Confidentiality, Integrity, and Availability, essential goals in security.
    • Confidentiality ensures data is visible only to authorized users; applies to data at rest, in motion, and in processing.
    • Secure communication protocols enhance confidentiality:
      • Use SSH instead of Telnet,
      • HTTPS over HTTP, using SSL or TLS for encryption.
    • Encrypting stored data, either files or entire drives, protects confidentiality.

    Integrity

    • Refers to the accuracy and trustworthiness of data.
    • Data should remain unchanged unless authorized; modifications by unauthorized entities compromise integrity.
    • Implemented through hashing, allowing verification of data authenticity (e.g., comparing hash values of downloaded files).

    Availability

    • Guarantees that data and systems are accessible when needed.

    • Achieved through high availability setups, fault tolerance, and redundancy using techniques like:

      • NIC teaming and RAID configurations.

        NIC teaming, also known as network interface card teaming or network bonding, is a process that combines multiple network connections into a single logical interface. The main goal is to increase network bandwidth, provide redundancy, and improve network reliability. By teaming NICs, if one network connection fails, the others continue to operate, ensuring constant network availability. It also allows for load balancing, where incoming and outgoing network traffic is distributed across all available connections for more efficient data handling.

        Yes, NIC teaming can increase network speed by aggregating the bandwidth of multiple network connections into a single logical interface. This means that the combined connections can handle more data simultaneously, effectively increasing the overall network throughput. This is especially beneficial in environments that require high data transfer rates, such as data centers or servers handling large volumes of traffic. However, the actual increase in speed depends on the configuration of the network and the capability of the networking equipment and software to properly distribute the traffic across the teamed interfaces.

      • Load balancing and active-passive device configurations to ensure functionality during device failures.

    Vulnerability

    • Represents weaknesses in a system that can be exploited.
    • Common vulnerabilities include:
      • User manipulation through social engineering,
      • Operating system or application flaws,
      • Weak or absent password policies,
      • Use of unencrypted or outdated protocols (e.g., using Telnet or SNMP).

    Exploit and Threat Actors

    • An exploit is the method by which a vulnerability is taken advantage of (e.g., brute-force password attacks or phishing).
    • A threat actor is an individual or group utilizing exploits to compromise systems.

    Risk Assessment

    • Involves evaluating potential vulnerabilities and threats to organizational assets.
    • Factors include the likelihood of exploits succeeding and the potential impact, including financial and reputational losses.
    • Identifies the need for controls to mitigate risks; controls can be categorized as:
      • Administrative controls refer to policies, procedures, and practices designed to manage organizational behavior and ensure compliance with security protocols.
      • Technical controls involve the use of technology to protect systems, such as firewalls and encryption methods, to safeguard sensitive information.
      • Physical controls consist of tangible barriers, such as locks, surveillance cameras, and security personnel, aimed at safeguarding facilities and assets from unauthorized access.

    AAA Framework

    • Stands for Authentication, Authorization, and Accounting, crucial for network security.
    • Authentication verifies user identity before access is granted.
    • Authorization determines what authenticated users are allowed to do.
    • Accounting tracks user activities and access for auditing purposes.

    Zero Trust Model

    • Emphasizes security posture that assumes every attempt to access the system could be a threat.
    • Advocates for continuous verification of user credentials and access rights regardless of their location within the network.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz explores key vocabulary and acronyms used in the security field. Focus on understanding the significance of terms like CIA, which encapsulates core goals in security. Test your knowledge on these essential concepts and enhance your security literacy.

    More Like This

    Use Quizgecko on...
    Browser
    Browser