.png){kind=logo}
1
CORRECT WELL DETAILED ANSWERS|LATEST
PASS CIA Triad - ANSWER security concepts Confidentiality, Integrity, Availability
DAD - ANSWER Negative concept of the CIA triad Disclosure, alteration and denial
Parkerian Hexad - ANSWER more complex CIA triad possession , availability, confidentiality ,integrity, authenticity and utility.
Possession or Control - ANSWER physical disposition where data is stored example encryption causes a possession problem unencrypted causes a confidentiality problem and possession problem.
Authenticity - ANSWER data in question was attributed by the proper owner or creator example sending a email message that was altered so it appears to be the actual one violates authenticity.
Utility - ANSWER refers to how useful the data is to you
Interception - ANSWER unauthorized user access data, applications , or environments primarily attacks against confidentiality.
Interruption - ANSWER attacks make data unusable or unavailable ''temporary or permanent''
- / 4
2
Modification - ANSWER attack involves tampering with an asset primarily considered attacks on integrity could also represent attacks on integrity could also represent attacks on availability
Fabrication - ANSWER attacks involved generating data, processes, communication or something similar with a system. affects integrity but could also affect availability.
Identify Assets - ANSWER knowing what dat consist of and evaluate the importance of each.
Identify Threats - ANSWER useful to use CIA Triad or Parkerian Hexad.
Confidentiality Ex - ANSWER Ex:when data is expose you could have a breach.
Integrity Ex - ANSWER Ex; If data becomes corrupt you may incorrectly process payments.
Availability Ex - ANSWER Ex; If the system or application goes down, you won't be able to process payments.
Possession Ex - ANSWER Ex; If you lose backup media you could potentially have a breach.
Authenticity Ex - ANSWER Ex;If you don't have authentic customer information you may process a fraudulent transaction.
Utility Ex - ANSWER Ex; If you collect invalid or incorrect data that dat will have limited utility.
- / 4
3
Incident Response - ANSWER Preparation, detection and analysis containment, fabrication Recovery, post- incident activity
External Network - ANSWER DMZ, VPN, Logging,Auditing,Penetration testing, Vulnerability analysis
Network Perimeter - ANSWER Firewalls, proxy, Logging, Stateful Packet inspection, Auditing, Penetration testing, vulnerability analysis
Internal Network - ANSWER IDS, IPS, Logging, Auditing, Penetration testing, Vulnerability analysis
Host - ANSWER Authentication ,antivirus, firewall IDS,IPS, Password, Hashing, Logging auditing, Penetration testing, vulnerability analysis
DMZ - ANSWER Demilitarized zone exposes an organization external facing services to an untrusted usually lager network such as the internet.
IDS - ANSWER Intrusion Detection System works in the internal network
IPS - ANSWER Intrusion Prevention System works in the internal network
Application - ANSWER SSO, content filtering , data validation, auditing, penetration testing,vulnerability analysis
SSO - ANSWER Single sing-on
Data - ANSWER Encryption, access controls, backups, Penetration Testing, Vulnerability analysis. 3 / 4
4
Identification - ANSWER Assertion of who we are .
Authentication - ANSWER Set of methods use to establish or claim ones identity
FAR - ANSWER False Acceptance Rate
FRR - ANSWER False Rejection Rate
EER - ANSWER Equal Error Rate
Hardware Token - ANSWER small device , typically in general form factor size and shape of credit card or keychain fob, simple ones look identical to ''Universal Serial Bus USB'' and contain certificate or unique identifier often called ''dongles''
Complex hardware token - ANSWER incorporate liquid crystal display "LCD" security includes passwords, biometric readers, wireless device and additional features to enhance security
Mutual Authentication - ANSWER Both parties authenticate each other
Access Control - ANSWER for allowing access, denying access, limiting access and revoking access.
Sandboxes - ANSWER isolated environments containing a set of resources for a given purpose example Java virtual machine "JVM"
Access Control List (ACL) - ANSWER are a list containing info about what kind of access certain parties are allowed to have to a given system.
- / 4
.png)