Security concepts 4.1

Question 1

Data in transit

Answer 1

Data transmitted over network. Also called Data in motion. Can be encrypted with TLS or IPsec

Question 2

Data at rest

Answer 2

Data on storage device. Usually data is encrypted on the disc, the database, or file level.

Question 3

PKI

Answer 3

Public key infrastructure, policies for public encryption keys

Question 4

Digital certificate

Answer 4

Public key cert. Binds public key with a digital signature.

Question 5

Certificate authority

Answer 5

Third party verifying a website’s certificate

Question 6

Self-signed certificate

Answer 6

Internal to network certificate. “Build your own CA”

Question 7

IAM

Answer 7

Identity and access management. Processes for manage data access with identity

Question 8

Least privilege

Answer 8

User should only have rights and permissions that they need, not anymore

Question 9

Role based access control

Answer 9

Access control based on roles. Windows uses Groups

Question 10

Geographic restriction

Answer 10

Network location based on IP address or geolocation. If it looks bad then ask for additional verification or locked out.

Question 11

AAA Framework

Answer 11

Authentication, authorization, accounting (keeping track of identity)

Question 12

Single Sign-on

Answer 12

Credentials given one time which gives access to all available resources. Limited by time

Question 13

RADIUS

Answer 13

Common AAA management

Question 14

LDAP

Answer 14

Protocol for reading and writing files over network

Question 15

x.500 distinguished name

Answer 15

Standardized attributes which can have assigned values

Question 16

SAML

Answer 16

Standard for authentication and authorization. Can’t be natively used on mobile devices

Question 17

TACACS

Answer 17

Terminal access controller access control system. Remote authentication protocol

Question 18

Multifactor authentication

Answer 18

Something you know/have/are/location

Question 19

TOTP

Answer 19

Time based one time password. Like steam authenticator

Question 20

Honeypots

Answer 20

For attracting hackers

Question 21

Honeynet

Answer 21

Honeypot network

Question 22

CIA triad

Answer 22

Confidentiality, integrity, availability

Question 23

Confidentiality

Answer 23

Prevent disclosure of info to unauthorized

Question 24

Integrity

Answer 24

Messages can’t be modified without detection

Question 25

Availability

Answer 25

Network and systems stay up and running

Question 26

Data localization

Answer 26

Laws may prohibit how or what kinds of data can be stored (ex: gdpr)

Question 27

GDPR

Answer 27

EU data regulation; EU data must stay in the EU. Users can choose what sites keep their data, can request removal of data from search engines

Question 28

PCI DSS

Answer 28

Credit card data protection. Protect data in motion, cardholder data, have vulnerability management program, access control measures, regular security testing, and have an info security policy

Question 29

Segmentation enforcement

Answer 29

Physical, logical, or virtual separation due to performance, security, or compliance

Question 30

IOT segmentation

Answer 30

IOT devices may be weak in security and should be segmented

Question 31

SCADA/ICS

Answer 31

Supervisory control and data acquisition system; industrial control systems PC manages equipment, distributed control system. Completely segmented

Question 32

Operational Technology

Answer 32

Industrial equipment like electric grids. Segmentation important.

Question 33

Guest network

Answer 33

Network for visitors, keeps from important bits.

Question 34

BYOD

Answer 34

Bring your own device. Employee brings own device, may have segmentation