Fundamentals of IT WGU

Fundamentals of IT WGU Leave the first rating Students also studied Terms in this set (126) Science Computer Science Computer Security and Reliability Save COMPTIA IT Fundamentals Certifica...34 terms Tom_OmerzaPreview WGU fundamentals of IT 201 terms melaniemvgv4 Preview IT Fundamentals Practice Test Quest...33 terms MilanAnderson01 Preview IT Fund 98 terms esw Practice questions for this set Learn1 / 7Study using Learn technique used by attackers to intercept and read network traffic. Allows attacker to see data being sent over network.CIA TriadConfidentiality, Integrity, Availability CIA Confidentialallowing only those authorized to access the data requested CIA IntegrityKeeping data unaltered in an unauthorized manner and reliable Choose an answer 1fuzzers2packet sniffers 3port scanners4sql injections Don't know?

CIA AvailabilityThe ability for those authorized to access the data when needed Perkerian HexadConfidentiality, integrity, availability, utility, possession, authenticity Perkerian Hexad ConfidentiallityAllowing only those authorized to access the data requested Perkerian Hexad IntegrityKeeping data unaltered without detection Perkerian Hexad Availabilitythe ability to access the data when needed Perkerian Hexad PossessionPhysical deposition of the media on which the data is stored Perkerian Hexad AuthenticityAllows us to talk about the proper attribution as to the owner or creator of the data in question Perkerian Hexad UtilityHow useful the data is to us attack typesinterception, interruption, modification, fabrication interceptionan attacker has access to data, applications, or environment interruptionattacks cause our assets to become unusable or unavailable modificationattacks involve tampering with our asset fabricationattacks that create false information threatsomething that has potential to cause harm Vulnerabilityweaknesses that can be used to harm us AuthenticationVerifying the person is who they claim to be something you knowusername, password, pin Something you haveID Badge, swipe card, OTP Something you arefingerprint, iris, retina scan somewhere you aregeolocation something you dohandwriting, typing, walking mutual authenticationboth parties in a transaction to authenticate each other, prevents man in the middle attacks, has digital certificates.Risk management processidentify asset, identify threats, assess vulnerabilities, assess risk, mitigate risk

identify assetidentifying and categorizing assets that we're protecting Identify threatsidentify threats assess vunerabilitieslook for impacts assess riskasses the risk overall mitigate riskensure that a given type of threat is accounted for Incident response processpreparation, detection and analysis (identification), containment, eradication, recovery, post-incident activity preparationfirst step in incident response process. activities that we can perform in advance of an incident in order to better enable us to handle it.detection and analysis (identification)second step in incident response process. detect the occurrence of an issue and decide whether or not its actually an incident, so that we can respond appropriately to it.containmentthird step in incident response process. Involves taking steps to ensure situation does not cause any more damage than it already has, or to at least lessen any ongoing harm.eradicationfourth step in incident response process. Attempt to remove effects of issues from our environment recoveryfifth step in incident response process. Restoring devices or data to pre-incident state (rebuilding systems, reloading applications, back up media) post incident activitysixth step in incident response process. Determine specifically what happened, why it happened, and what we can do to keep it from happening again.Authorizationwhat the user can access, modify, and delete Least privilegegiving the bare minimum level of access it needs to perform its job/functionality access controlallowing, denying, limiting, revoking allowinglets us give a particular party access to a given source denyingopposite of gaining access limitingallowing some access to our resource, only up to a certain point revokingtakes access away from a former user access control listinfo about what kind of access certain parties are allowed to have to a given system (read, write, execute)

Network ACLfilter access rules for incoming and outgoing network transactions, such as Internet Protocol (IP) addresses, Media access control (MAC) addresses, and ports.Discretionary (DAC)owner of resources determines who getss access and what level mandatory (mac)separate group or individual (from owner) has the authority o set access to resources.rule basedallows access according to a set of rules defined by the system administrator.attribute basedbased on attributes, such as of a person, resource, or an environment.role based (RBAC)Functions access controls set by an authority responsible for doing so, rather than by the owner of the resource.accountabilityrefers to making sure that a person is responsible for their actions. It provides us a means to trace activities in our environment back to their source. Depends on identification, authentication, and access control being present so that we can know who a given transaction is associated with and what permissions were used to allow them to carry it out.nonrepudiationsituation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action Intrusion detection (IDSes)monitors and reports malicious events.intrusion prevention (IPSes)takes actions when malicious events occur auditingexamination and review of an organizations records to ensure accountability through technical means penetration testingmimicking, as closely as possible, the techniques an actual attack would use.cryptographypractice of keeping information secure through the use of codes and ciphers symmetric cryptographyencryption that uses a single key to encrypt and decrypt a message (aka the private key cryptography) block ciphertakes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block.stream cipherencrypts each bit in the plaintext message, 1 bit at a time.DESblock cipher based on symmetric key cryptography and uses a 56-bit key. Not that secure any more.3DESDES used to encrypt each block three times, each with a different key