1
Q
What is the difference between authentication and authorization?
A
- Authentication: Verifying the identity of a user.
- Authorisation: Determining whether the authenticated user is permitted to perform a specific action
2
Q
How is authorization managed in access control models?
A
- subject level - what actions the user can perform
- object level - what actions are allowed on a specific resource
3
Q
What is the principle of least privilege?
A
Users should only be given the minimum access necessary to perform their job
reducing the risk of unauthorized access
4
Q
What are the two types of privilege escalation attacks?
A
- Vertical privilege escalation: Gaining access to a higher level account (e.g., user to admin).
- Horizontal privilege escalation: Gaining access to another user’s data or account at the same access level.
5
Q
common methods of executing privilege escalation attacks?
A
- Password guessing attacks.
- SQL injection attacks.
CS407
flashcards
Decks in class (31)
# Cards
-
Week 7 - SQL Injection15
-
Week 7 - Web Security Threats27
-
Week 7 - Malware28
-
Week 8 - Usable Security14
-
Week 8 - Social Engineering10
-
Week 8 - Phishing5
-
Week 8 - Advanced Persistent Threats5
-
Week 8 - Mitigating Human Factor Risks5
-
Week 8 - Threat Modelling26
-
Week 1 - Intro to Security12
-
Week 1 - Intro to Cryptography6
-
Week 1 - Cryptographic Hash Functions8
-
Week 1 - Substitution Cyphers5
-
Week 1 - Stream + Block Cypher7
-
Week 1 - Feistel Structure5
-
Week 1 - Modern Block Ciphers6
-
Week 1 - AES, Blowfish, Modes of Operation7
-
Week 2 - Diffie-Hellman Key Exchange3
-
Week 2 - Public Key Cryptography7
-
Week 2 - RSA8
-
Week 2 - Randomness + One-Time Pads12
-
Week 2 - Digital Signatures8
-
Week 2 - End to End Encryption4
-
Week 3 - Steganography2
-
Week 3 - LSB algorithm6
-
Week 3 - BPCS Algorithm9
-
Week 3 - Access Control4
-
Week 3 - Password Security10
-
Week 3 - Biometrics10
-
Week 3 - Authorisation5
-
Week 4 - Logging5
