Network Security Concepts Flashcards

(126 cards)

1
Q

What is the definition of a ‘threat’ in the context of software security?

A

A risk or potential danger that can exploit a vulnerability

2
Q

What does ‘vulnerability’ refer to in software security?

A

A weakness in a system that can be exploited by threats

3
Q

What is a ‘threat vector’?

A

A path or method used by a threat to access a system

4
Q

What does the CIA triad stand for?

A
  • Confidentiality
  • Integrity
  • Availability
5
Q

What is the main goal of confidentiality in information security?

A

To keep sensitive information undisclosed to unauthorized parties

6
Q

What does integrity ensure in data security?

A

That data remains accurate, consistent, and trustworthy

7
Q

What is the purpose of availability in the context of security?

A

To ensure that data and services are accessible when needed

8
Q

Define ‘fault tolerance’ in software systems.

A

The ability of a system to continue operating after a failure

9
Q

What are the roles of backups in data recovery?

A

To restore data and services after a failure

10
Q

What does access control include?

A
  • Passwords
  • Biometrics
11
Q

What is encryption?

A

The process of encoding information to be accessible only by authorized users

12
Q

What do secure communication protocols like SSL/TLS do?

A

Protect data during transmission from unauthorized changes

13
Q

What is the purpose of cryptographic hashes?

A

To ensure data integrity by providing a unique output for given input

14
Q

Fill in the blank: _______ are used to verify the authenticity of a message.

A

[Digital signatures]

15
Q

What does PCI DSS stand for?

A

Payment Card Industry Data Security Standards

16
Q

What is the primary purpose of PCI DSS?

A

To ensure companies have a secure environment

17
Q

True or False: PCI DSS applies only to companies that directly process credit card transactions.

A

False

18
Q

Fill in the blank: PCI DSS is a set of _______ designed to protect card information.

A

[data security standards]

19
Q

What does the acronym ‘GDPR’ stand for?

A

General Data Protection Regulation

20
Q

True or False: GDPR and PCI DSS are unrelated data protection standards.

A

False

21
Q

What is a key requirement under PCI DSS for companies handling payment information?

A

Implementing strong access control measures

22
Q

List three main areas that PCI DSS covers.

A
  • Building and maintaining a secure network
  • Protecting cardholder data
  • Maintaining a vulnerability management program
23
Q

Fill in the blank: Companies must regularly _______ their compliance with PCI DSS.

A

[assess]

24
Q

What does a secure environment help prevent?

A

Data breaches and fraud

25
What type of companies must comply with PCI DSS?
All companies that accept, process, store, or transmit credit card information
26
True or False: PCI DSS compliance is optional for companies.
False
27
What is one of the main goals of GDPR?
To enhance individuals' control over their personal data
28
What is Geofencing?
A technology that uses GPS or RFID to create a virtual boundary around a real-world geographic area.
Footnote: Geofencing is often used for location-based services.
29
What are Location-Based Services?
Services that utilize the geographical location of a user to provide relevant information or functionality.
Footnote: Examples include navigation apps and targeted advertising.
30
What technologies are commonly used in Geofencing?
  • GPS
  • RFID
  • Wi-Fi
  • Cellular data
Footnote: Each technology has its advantages and limitations based on accuracy and range.
31
What does AAA stand for in the context of security?
Authentication, Authorization, Accounting
Footnote: AAA is a framework used to manage user access and permissions.
32
What is the purpose of Authentication?
To verify access by validating credentials
Footnote: Authentication ensures that users are who they claim to be.
33
What does Authorization refer to?
User permissions managed by the system
Footnote: Authorization determines what an authenticated user is allowed to do.
34
What is the role of Credentials in AAA?
To authenticate users against Access Control Lists (ACL)
Footnote: Credentials can include passwords, tokens, or biometric data.
35
What does Accounting in AAA track?
Tracking activities of users
Footnote: Accounting monitors user actions and resource usage for auditing purposes.
36
Fill in the blank: The process of _______ involves verifying user identity.
Authentication
37
True or False: Authorization occurs before Authentication.
False
Footnote: Authorization follows successful Authentication.
38
What are the factors of MFA?
Passwords, PINs, security questions, mobile device authentication, apps, smart cards, security tokens, biometric factors, geographic location, GPS
Footnote: MFA stands for Multi-Factor Authentication, which enhances security by requiring multiple forms of verification.
39
Fill in the blank: MFA stands for _______.
Multi-Factor Authentication
40
What is a biometric factor in MFA?
A physical characteristic used for authentication, such as fingerprints or facial recognition
Footnote: Biometric factors are increasingly used in security systems for their uniqueness and difficulty to replicate.
41
True or False: Security tokens are a type of MFA factor.
True
42
What role does a mobile device play in MFA?
It serves as a physical device required for authentication
Footnote: This often involves receiving a code or using an authentication app.
43
List some examples of MFA factors.
  • Passwords
  • PINs
  • Security questions
  • Mobile device authentication
  • Apps
  • Smart cards
  • Security tokens
  • Biometric factors
  • Geographic location
  • GPS
44
What does geographic location refer to in MFA?
A factor that uses the physical location of the user to verify identity
Footnote: This can include GPS data to ensure that the user is in an expected location.
45
What does access control manage?
Access control manages and restricts access to resources in an information system.
Footnote: Access control ensures that only authorized users can access certain resources.
46
What are the key factors balanced in access control?
Security, compliance, and usability.
Footnote: Balancing these factors is crucial for effective access control.
47
What are the types of access control?
Types of access control include:
  • DAC (Discretionary Access Control)
  • MAC (Mandatory Access Control)
  • RBAC (Role-Based Access Control)
  • ABAC (Attribute-Based Access Control)
Footnote: Each type has different mechanisms for managing user access.
48
Fill in the blank: Access control balances ______, compliance, and usability.
security
49
What is the purpose of audits in regulatory compliance?
To protect sensitive information and meet legal/industry standards
Footnote: Audits help ensure that organizations are adhering to required regulations and standards.
50
What does data locality refer to?
Compliance with local laws regarding data storage and processing
Footnote: Data locality ensures that data is handled according to the legal requirements of the specific location.
51
True or False: Audits are only conducted to protect sensitive information.
False
Footnote: Audits also aim to ensure compliance with legal and industry standards.
52
Fill in the blank: Audits are conducted to protect _______ information.
sensitive
53
What are the key components of regulatory compliance?
  • Protecting sensitive information
  • Meeting legal standards
  • Meeting industry standards
Footnote: Regulatory compliance involves adhering to various regulations that govern how organizations must operate.
54
What is network segmentation?
Dividing a network to keep data separated
Footnote: This practice enhances security by limiting access to sensitive information.
55
Fill in the blank: The GDPR applies to personal data of individuals within the _______.
European Union
56
What are the potential consequences for violating GDPR?
Fines and penalties
Footnote: Organizations can face significant fines for non-compliance, up to 4% of annual global turnover.
57
True or False: GDPR applies to both automated and manual processing of personal data.
True
Footnote: GDPR covers all forms of processing personal data.
58
Fill in the blank: Under GDPR, individuals have the right to access their _______.
personal data
59
What does BYOD stand for?
Bring Your Own Device
Footnote: BYOD refers to policies that allow employees to use their personal devices for work purposes.
60
What is the purpose of Segmentation in BYOD?
To separate personal devices from the corporate network
Footnote: Segmentation helps protect sensitive company data by keeping personal and work devices on different networks.
61
Fill in the blank: A Guest Network provides _______ for visitors.
access to the internet
Footnote: This allows guests to connect without accessing the main network.
62
True or False: A Guest Network is the same as the main corporate network.
False
Footnote: A Guest Network is a separate network designed for visitors to ensure security.
63
What does SCADA stand for?
Supervisory Control and Data Acquisition
Footnote: SCADA systems are used for industrial control and monitoring.
64
What does DCS stand for?
Distributed Control System
Footnote: DCS systems are used to control production systems in various industries.
65
What does PLC stand for?
Programmable Logic Controller
Footnote: PLCs are used for automation of industrial processes.
66
Name three systems used in industrial production.
  • SCADA
  • DCS
  • PLC
Footnote: These systems are essential for monitoring and controlling industrial processes.
67
Fill in the blank: SCADA, DCS, and PLC are systems used in _______.
industrial production
68
True or False: SCADA systems are only used in electrical industries.
False
Footnote: SCADA systems are used in various industries, including water, gas, and oil.
69
What industries commonly use SCADA, DCS, and PLC systems?
  • Electrical
  • Water
  • Gas
  • Oil
Footnote: These systems are integral to the operation and management of these industries.
70
Fill in the blank: DCS systems are typically used to control _______.
production systems
71
What is the primary function of a PLC?
Automation of industrial processes
Footnote: PLCs can be programmed to perform specific control tasks.
72
What is Time-based Authentication?
A method of authentication that relies on time-sensitive information.
73
What is the purpose of a login code/token?
To verify user identity during the authentication process.
74
What does CA Certificate stand for?
Central Authority Certificate.
75
What is the role of a Certificate Authority?
To issue digital certificates that verify the ownership of a public key.
76
True or False: Time-based Authentication does not require any external verification.
False
77
What is the significance of time in Time-based Authentication?
It ensures that the authentication code is valid only for a short period.
78
What is Asymmetric Encryption?
A method that uses pairs of keys (public and private) for encryption
Footnote: Asymmetric encryption allows for secure communication and digital signatures.
79
What are the two types of keys used in Asymmetric Encryption?
Public key and private key
Footnote: The public key can be shared with anyone, while the private key is kept secret by the owner.
80
What is the purpose of the public key in Asymmetric Encryption?
It is shared with anyone to allow secure communication
Footnote: The public key enables others to encrypt messages sent to the owner.
81
What is the purpose of the private key in Asymmetric Encryption?
It is kept secret by the owner to decrypt messages
Footnote: Only the owner can use the private key to access the information encrypted with their public key.
82
True or False: Asymmetric Encryption can be used for digital signatures.
True
Footnote: Digital signatures verify the authenticity and integrity of a message.
83
Fill in the blank: Asymmetric Encryption is ______ for large data.
slower
Footnote: While it is secure, the process of encrypting and decrypting with key pairs is comparatively slower than symmetric encryption.
84
What is a disadvantage of Asymmetric Encryption?
It is slower compared to symmetric encryption
Footnote: This can make it less efficient for encrypting large amounts of data.
85
What does SAML stand for?
Security Assertion Markup Language
Footnote: SAML is a standard for exchanging authentication and authorization data between identity providers and service providers.
86
What is the purpose of SSO?
To use the same credentials/identity to access multiple apps/services
Footnote: SSO stands for Single Sign-On.
87
What is the role of an Identity Provider (IdP)?
To provide authentication and identity information
Footnote: IdPs help verify user identities for service providers.
88
What is the main function of OAuth?
To allow a site/app access to user info without their credentials
Footnote: OAuth focuses on authorization rather than authentication.
89
True or False: OpenID Connect is an extension of OAuth2.
True
Footnote: OpenID Connect adds authentication capabilities to the OAuth2 framework.
90
Fill in the blank: SAML uses _______ to exchange data.
XML
Footnote: XML is the format used by SAML for data exchange.
91
What does OpenID Connect aim to do?
Authenticate users and provide identity information
Footnote: OpenID Connect combines authentication with OAuth2.
92
What does the term 'attest' mean in the context of identity verification?
To certify that a user is who they claim to be
Footnote: Attestation is important for ensuring trust in identity claims.
93
What does SP stand for in this context?
Service Provider
Footnote: The SP needs IdP information to provide access to users.
94
What does RADIUS stand for?
Remote Authentication Dial In User Service
Footnote: RADIUS is a networking protocol for user authentication and accounting.
95
What does TACACS stand for?
Terminal Access Controller Access-Control System
Footnote: TACACS is a protocol used for network authentication.
96
What is the primary purpose of RADIUS?
Centralized authentication, authorization, and accounting
Footnote: RADIUS is commonly used in Internet Service Providers (ISPs) and enterprises.
97
What is the main function of TACACS?
Centralized authentication and authorization
Footnote: TACACS provides a more granular control over user permissions compared to RADIUS.
98
RADIUS and TACACS are examples of __________.
[authentication protocols]
99
True or False: RADIUS is primarily used for accounting.
False
Footnote: RADIUS is used for authentication, authorization, and accounting, but accounting is not its primary focus.
100
What type of networks commonly utilize RADIUS?
ISPs and enterprises
Footnote: These networks require a centralized method for managing user credentials.
101
What does AAA stand for in the context of RADIUS and TACACS?
Authentication, Authorization, Accounting
Footnote: AAA is a framework for controlling access to computer resources.
102
Fill in the blank: RADIUS is used for connecting to a _______.
[network service]
103
What technology is used for centralized authentication in RADIUS?
User credentials
Footnote: RADIUS uses user credentials to authenticate access to network services.
104
What is a key difference between RADIUS and TACACS?
Different software implementations
Footnote: Although both serve similar functions, they differ in their software architecture and usage.
105
What is the principle of Least Privileges?
Users should have only the necessary permissions to perform their tasks.
Footnote: This principle helps to minimize security risks by limiting access rights.
106
What are Administrative Accounts?
Accounts specifically designed for administrative tasks.
Footnote: These accounts typically have elevated permissions compared to standard user accounts.
107
What is the purpose of having separate accounts for different tasks?
To segregate administrative tasks from standard tasks.
Footnote: This helps improve security and manageability.
108
Fill in the blank: Users should have _______ permissions to function.
only necessary
109
True or False: All users should have administrative access to all systems.
False
110
What is meant by 'Software/Processes' in the context of permissions?
Refers to the systems and applications that require specific access levels.
Footnote: Software and processes should only allow access based on the principle of least privileges.
111
What is Public Key Infrastructure (PKI)?
A framework used to create, manage, distribute, use, store, and revoke digital signatures and manage public key encryption
Footnote: PKI is crucial for secure communications over networks.
112
Fill in the blank: PKI is essential for the secure transfer of _______ for a range of network activities.
information
Footnote: This includes various types of data exchanges, not limited to just emails.
113
What is the primary characteristic of symmetric encryption?
Same key used to encrypt and decrypt data
Footnote: Symmetric encryption requires that both parties share the same secret key for both operations.
114
What is a key advantage of symmetric encryption for large amounts of data?
Simply faster and more efficient
Footnote: This efficiency makes symmetric encryption suitable for encrypting large datasets.
115
What is a limitation of symmetric encryption regarding non-repudiation?
Lack of non-repudiation
Footnote: Non-repudiation is the assurance that someone cannot deny the validity of something, which is not guaranteed in symmetric encryption.
116
What are common applications of symmetric encryption?
Encrypts applications for storage and data in transit
Footnote: This includes securing sensitive information while it is being transferred or stored.
117
What factors impact the security of symmetric encryption?
Key length and algorithm
Footnote: The strength of symmetric encryption is determined by the length of the key used and the specific algorithm implemented.
118
What is a critical aspect of key management in symmetric encryption?
Keys should be securely shared and stored
Footnote: Proper key management is essential to maintain the security of the encryption process.
119
What is Domain Validation?
A method of verifying that the applicant has control over a domain name.
Footnote: Domain Validation is typically the simplest form of certificate validation.
120
What does Extended Validation mean?
A rigorous verification process that provides the highest level of assurance to users.
Footnote: Extended Validation certificates display the organization's name in the browser's address bar.
121
What is a Wildcard Certificate?
A digital certificate that can secure multiple subdomains of a single domain.
Footnote: Wildcard certificates are denoted by an asterisk (*) in the domain name.
122
What is a Self-Signed Certificate?
A certificate that is signed by the entity creating it, rather than a trusted third-party authority.
Footnote: Self-signed certificates are less trusted than those issued by recognized Certificate Authorities.
123
What is the role of a third-party trust in digital certificates?
To provide assurance that the certificate can be trusted by verifying the identity of the certificate holder.
Footnote: Third-party authorities are known as Certificate Authorities (CAs).
124
Fill in the blank: The purpose of a certificate is to verify _______.
[the identity of the entity or individual].
125
True or False: A Self-Signed Certificate is always trusted by browsers.
False.
Footnote: Browsers generally do not trust self-signed certificates without manual intervention.
126
What does 'Public Use' refer to in the context of certificates?
The intended use of a certificate for secure communications over the internet.
Footnote: Public Use ensures that the certificate can be recognized and validated by users and systems.