CompTIA Security SY0-701 Certification Guide
CIANA Pentagon
An extension of the CIA triad with the addition of non-repudiation and authentication.
Non-repudiation is important for three main reasons
1. To confirm the authenticity of digital transactions 2. To ensure the integrity of critical communications 3. To provide accountability in digital processes.
Digital Signatures
1. Bind a message to one signer, because only that signer should hold the private key. 2. Created by first hashing the message and then signing the hash digest with the signer's private key (in RSA terms, encrypting the digest with the private key); anyone with the matching public key can verify the signature, and any change to the message changes the digest and invalidates it.
What is Information Security?
Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.
What is Information Systems Security?
Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.
What does the CIA Triad stand for?
Confidentiality, Integrity, and Availability.
What is the purpose of Confidentiality in the CIA Triad?
Ensures information is accessible only to authorized personnel (e.g., encryption).
What is the purpose of Integrity in the CIA Triad?
Ensures data remains accurate and unaltered (e.g., checksums).
What is the purpose of Availability in the CIA Triad?
Ensures information and resources are accessible when needed (e.g., redundancy measures).
What does Non-Repudiation guarantee?
That an action or event cannot be denied by the involved parties (e.g., digital signatures).
What are the Triple As of Security?
Authentication, Authorization, and Accounting.
What are the four categories of Security Control Types?
1. Preventative 2. Deterrent 3. Detective 4. Corrective.
What is the Zero Trust Model?
Operates on the principle that no one should be trusted by default.
What are the two planes used to achieve Zero Trust?
Control Plane and Data Plane.
What is a Threat in cybersecurity?
Anything that could cause harm, loss, damage, or compromise to our information technology systems.
What is a Vulnerability in cybersecurity?
Any weakness in the system design or implementation.
What is Risk Management in cybersecurity?
Identifying threats and vulnerabilities, assessing the likelihood and impact of the resulting risks, and applying controls or other treatments to reduce them to a level the organization is willing to accept.
What is the importance of Confidentiality?
1. To protect personal privacy 2. To maintain a business advantage 3. To achieve regulatory compliance.
What is Encryption?
The process of converting data into a code to prevent unauthorized access.
What is Data Masking?
A method that involves obscuring specific data within a database to make it inaccessible for unauthorized users.
What is the importance of Integrity in cybersecurity?
1. To ensure data accuracy 2. To maintain trust 3. To ensure system operability.
What are some methods to maintain data integrity?
1. Hashing 2. Digital Signatures 3. Checksums 4. Access Controls 5. Regular Audits.
What is Availability in cybersecurity?
Ensures that information, systems, and resources are accessible and operational when needed by authorized users.
What is Redundancy in system design?
Duplication of critical components or functions of a system with the intention of enhancing its reliability.
What is Non-Repudiation?
Providing undeniable proof in the world of digital transactions.
What are the five commonly used authentication methods?
1. Something you know 2. Something you have 3. Something you are 4. Something you do 5. Somewhere you are.
What is Multi-Factor Authentication (MFA)?
A security process that requires users to provide multiple methods of identification to verify their identity.
What does Authorization pertain to?
The permissions and privileges granted to users or entities after they have been authenticated.
What is Accounting in cybersecurity?
A security measure that ensures all user activities during a communication or transaction are properly tracked and recorded.
What are the four broad categories of Security Controls?
1. Technical Controls 2. Managerial Controls 3. Operational Controls 4. Physical Controls.
What are the six basic types of Security Controls?
1. Preventive Controls 2. Deterrent Controls 3. Detective Controls 4. Corrective Controls 5. Compensating Controls 6. Directive Controls.
What are Compensating Controls?
Alternative measures that are implemented when primary security controls are not feasible or effective.
What are Directive Controls?
Controls that guide, inform, or mandate actions. They are often rooted in policy or documentation and set the standards for behavior within an organization.
What is a Gap Analysis?
A process of evaluating the differences between an organization's current performance and its desired performance.
What steps are involved in conducting a Gap Analysis?
1. Define the scope of the analysis. 2. Gather data on the current state of the organization. 3. Analyze the data to identify any areas where the organization's current performance falls short of its desired performance. 4. Develop a plan to bridge the gap.
What is Technical Gap Analysis?
Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
What is Business Gap Analysis?
Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions.
What is a Plan of Action and Milestones (POAM)?
Outlines the specific measures to address each vulnerability, allocates resources, and sets up timelines for each remediation task needed.
What is Zero Trust?
Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin.
What is the Control Plane in Zero Trust architecture?
Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
What is Adaptive Identity in Zero Trust?
Relies on real-time validation that takes into account the user's behavior, device, location, and more.
What is Threat Scope Reduction?
Limits the user's access to only what they need for their work tasks, reducing the network's potential attack surface.
What is Policy-Driven Access Control?
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities.
What are Secured Zones in a network?
Isolated environments within a network that are designed to house sensitive data.
What does the Data Plane do?
Executes the access decisions made in the control plane. In NIST SP 800-207 terms, the Policy Engine and Policy Administrator (together the Policy Decision Point) belong to the control plane, while the data plane contains the subject's system and the Policy Enforcement Point, which opens or closes the connection to the resource.
What is a Threat Actor?
An individual or group that attempts to breach cybersecurity defenses.
What are common motivations of Threat Actors?
1. Data Exfiltration 2. Blackmail 3. Espionage 4. Service Disruption 5. Financial Gain 6. Philosophical/Political Beliefs 7. Ethical Reasons 8. Revenge 9. Disruption/Chaos 10. War.
What are Internal Threat Actors?
Individuals or entities within an organization who pose a threat to its security.
What are External Threat Actors?
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses.
What defines an Unskilled Attacker?
An individual with limited technical expertise who uses readily available tools.
What are Hacktivists?
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain.
What are common tactics employed by Hacktivists?
1. Website Defacement 2. Distributed Denial of Service (DDoS) Attacks 3. Doxing 4. Leaking of Sensitive Data.
What distinguishes Organized Cyber Crime?
Groups or syndicates that have banded together to conduct criminal activities in the digital world for illicit gain.
What motivates Nation-state Actors?
They pursue the long-term strategic goals of their government (espionage, sabotage, political influence) and are typically well resourced and patient; direct financial gain is usually secondary, although some state-backed groups do steal funds to finance operations.
What are Insider Threats?
Cybersecurity threats that originate from within the organization.
What is Shadow IT?
Use of information technology systems, devices, software, applications, and services without explicit organizational approval.
What is a Threat Vector?
Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload.
What is an Attack Surface?
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment.
What are message-based threat vectors?
Threats delivered via email, SMS text messaging, or other forms of instant messaging.
What are image-based threat vectors?
Embedding of malicious code inside an image file by the threat actor.
What are file-based threat vectors?
Files, often disguised as legitimate documents or software, designed to exploit vulnerabilities.
What is Vishing?
Vishing is the use of voice calls to trick victims into revealing their sensitive information to an attacker.
What is baiting in the context of removable devices?
Baiting is a technique used by attackers where they leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization.
What are unsecure networks?
Unsecure networks include wireless, wired, and Bluetooth networks that lack the appropriate security measures to protect them.
What can happen if wireless networks are not properly secured?
Unauthorized individuals can intercept the wireless communications or gain access to the network.
What is MAC Address Cloning?
MAC Address Cloning is a technique where an attacker copies the MAC address of a legitimate device to impersonate it on a network.
What is VLAN Hopping?
VLAN Hopping is a method used by attackers to send or receive traffic on a VLAN they are not assigned to, typically by double tagging frames with two 802.1Q headers or by switch spoofing (negotiating a trunk link via DTP). Disabling DTP on access ports and not using VLAN 1 as the native VLAN on trunks mitigates it.
What is BlueBorne?
BlueBorne is a set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without user interaction.
What is BlueSmack?
BlueSmack is a Denial of Service attack against Bluetooth-enabled devices that floods the target with oversized Logical Link Control and Adaptation Protocol (L2CAP) echo request (ping) packets, exhausting its resources or crashing the Bluetooth stack.
What are Tactics, Techniques, and Procedures (TTPs)?
Tactics, Techniques, and Procedures (TTPs) refer to specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors.
What are Honeypots?
Honeypots are decoy systems or networks set up to attract potential hackers.
What is a Honeynet?
A Honeynet is a network of honeypots designed to create a more complex system that mimics an entire network of systems.
What are Honeyfiles?
Honeyfiles are decoy files placed within a system to lure in potential attackers.
What are Honeytokens?
Honeytokens are pieces of data or resources that have no legitimate value or use but are monitored for access or use.
What are bogus DNS entries?
Bogus DNS entries are fake Domain Name System entries introduced into a system's DNS server.
What is port triggering?
Port Triggering is a mechanism where specific inbound ports on a network device stay closed until a specific outbound traffic pattern is detected, after which they open temporarily. Used as a deception technique, it keeps services invisible to an attacker's port scans until a legitimate trigger occurs.
What is spoofing fake telemetry data?
Spoofing fake telemetry data involves configuring a system to respond to network scans by sending out fake telemetry or network data.
What is Physical Security?
Physical Security refers to measures to protect tangible assets, buildings, and people from harm or unauthorized access.
What are fencing and bollards?
Fencing and Bollards are physical security controls; fencing consists of barriers made of posts and wire or boards, while bollards are short, sturdy vertical posts controlling or preventing vehicle access.
What is brute force in terms of physical security?
In physical security, Brute Force means gaining access through sheer force rather than by defeating a credential: forcing doors or windows, ramming barriers, tampering with or disabling security devices, or confronting security personnel.
What is forcible entry?
Forcible entry is the act of gaining unauthorized access to a space by physically breaking or bypassing barriers such as windows, doors, or fences.
What is the purpose of surveillance systems?
Surveillance systems are organized strategies designed to observe and report activities in a given area.
What components make up a surveillance system?
Components include video surveillance, security guards, lighting, and sensors.
What are access control vestibules?
Access control vestibules are double-door systems designed to ensure that only one door can be open at a time, preventing piggybacking and tailgating.
What is the difference between piggybacking and tailgating?
Piggybacking involves consent from the person with legitimate access, while tailgating does not.
What is access badge cloning?
Access badge cloning is the process of copying data from an RFID or NFC card onto another card or device.
What are some methods to stop access badge cloning?
Methods include using badge technologies with encryption and mutual authentication instead of legacy unencrypted proximity cards, adding a second factor at the door (badge plus PIN or biometric), keeping the access-control system and card firmware updated, and training users to keep badges shielded and to report lost ones.
What is Social Engineering?
Social Engineering is a manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.
What motivational triggers are used by social engineers?
Motivational triggers include familiarity and likability, consensus and social proof, authority and intimidation, and scarcity and urgency.
What is impersonation in social engineering?
Impersonation is a technique where the attacker pretends to be someone else to gain unauthorized access.
What are the types of phishing attacks?
Phishing, Vishing, Smishing, Spear Phishing, Whaling, Business Email Compromise.
Define phishing.
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers.
What is spear phishing?
More targeted form of phishing used by cybercriminals who focus on a specific group of individuals or organizations, resulting in a higher success rate.
What is whaling in the context of phishing?
A form of spear phishing that targets high-profile individuals, like CEOs or CFOs, aiming to compromise their accounts for subsequent attacks.
What is business email compromise (BEC)?
A sophisticated type of phishing attack that targets businesses by taking over a legitimate business email account to conduct unauthorized actions.
What is vishing?
Voice phishing, where the attacker tricks victims into sharing personal or financial information over the phone.
What is smishing?
SMS phishing, which involves using text messages to deceive individuals into providing personal information.
What is impersonation in social engineering?
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data.
What are the consequences of impersonation attacks?
Unauthorized access, disruption of services, complete system takeover.
What is brand impersonation?
A specific form of impersonation where an attacker pretends to represent a legitimate company or brand, often using logos and language to create deceptive communications.
What is typosquatting?
A form of cyber attack where an attacker registers a domain name similar to a popular website with typographical errors.
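Defenders watch for typosquats by generating the permutations an attacker is likely to register and matching them against new-domain feeds or proxy logs. The following is an added example written for this page, not code from the original deck or from any tool; the permutation rules mirror the ones domain-monitoring tools such as dnstwist apply, the keyboard-neighbour and homoglyph tables are partial assumed sets, and the domain names and "observed" list are constructed.

```python
"""Generate typosquat candidates for a domain and flag observed lookalikes.

Added example written for this page; it is not code from any tool. The
permutation rules mirror what domain-monitoring tools such as dnstwist do.
Domain names and the "observed" list below are constructed.
"""

# Partial US-QWERTY neighbour map for fat-finger substitutions (assumed set).
ADJACENT = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "o": "iplk", "u": "yihj",
    "m": "nj", "n": "bm", "l": "ko", "c": "xv", "p": "ol", "t": "ry",
    "s": "adw", "x": "zc",
}
# Visually confusable ASCII sequences (homoglyphs): source -> replacements.
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "0": ["o"],
    "m": ["rn"], "rn": ["m"], "vv": ["w"], "w": ["vv"],
}


def typosquat_variants(domain: str) -> set:
    """Return lookalike domains an attacker is likely to register."""
    name, _, tld = domain.lower().rpartition(".")
    variants = set()
    # 1. Omission: one character dropped ("exmple")
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])
    # 2. Transposition: adjacent characters swapped ("exampel")
    for i in range(len(name) - 1):
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    # 3. Repetition: one character doubled ("exaample")
    for i in range(len(name)):
        variants.add(name[:i] + name[i] + name[i:])
    # 4. Adjacent-key replacement ("exsmple")
    for i, ch in enumerate(name):
        for alt in ADJACENT.get(ch, ""):
            variants.add(name[:i] + alt + name[i + 1:])
    # 5. Homoglyph replacement ("examp1e", "exarnple")
    for src, alts in HOMOGLYPHS.items():
        idx = name.find(src)
        while idx != -1:
            for alt in alts:
                variants.add(name[:idx] + alt + name[idx + len(src):])
            idx = name.find(src, idx + 1)
    # 6. Hyphenation and a missing dot after "www" ("ex-ample", "wwwexample")
    for i in range(1, len(name)):
        variants.add(name[:i] + "-" + name[i:])
    variants.add("www" + name)
    variants.discard(name)
    return {v + "." + tld for v in variants if v}


def find_lookalikes(domain: str, observed) -> list:
    """Return observed domains (from registration feeds, proxy or DNS logs)
    that match a typosquat candidate of the protected domain."""
    watch = typosquat_variants(domain)
    return sorted(d for d in observed if d.lower() in watch)


if __name__ == "__main__":
    seen = ["exampel.com", "example.com", "github.com", "examp1e.com"]  # constructed
    print(find_lookalikes("example.com", seen))
```

The candidate set is deliberately generous; in practice it is fed to a registration-monitoring or DNS-logging pipeline, and any hit that resolves to a live site gets a takedown request and a block rule on the proxy.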
What are watering hole attacks?
Targeted cyber attacks where attackers compromise a trusted website that their target is known to use.
What is pretexting?
Creating a fabricated scenario to manipulate targets by impersonating trusted figures to gain trust.
What are the six main types of motivational triggers used by social engineers?
Authority, Urgency, Social Proof, Scarcity, Likability, Fear.
Define authority as a motivational trigger.
The willingness of individuals to comply with requests they believe come from someone in a position of authority.
Explain the concept of urgency as a motivational trigger.
A compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly.
What is social proof in psychological terms?
A psychological phenomenon where individuals look to the behaviors of others to determine their own decisions or actions.
Define scarcity in the context of motivational triggers.
The psychological pressure people feel when they believe a product, opportunity, or resource is limited.
What is the likability trigger in social engineering?
Most people want to interact with people they like, and social engineers exploit this by creating a sense of common interest or friendship.
What does fear signify in social engineering attacks?
These attacks focus on threatening the target with consequences if they do not comply with the attacker’s demands.
What should organizations do to mitigate impersonation attacks?
Provide regular security awareness training to employees.
What is the difference between identity fraud and identity theft?
Identity fraud involves using another person's personal information for financial gain, while identity theft involves assuming someone's identity completely.
What are influence campaigns?
Coordinated efforts to affect public perception or behavior towards a particular cause, often involving misinformation and disinformation.
Define misinformation.
False or inaccurate information shared without harmful intent.
Define disinformation.
The deliberate creation and sharing of false information with the intent to deceive or mislead.
What is shoulder surfing?
Looking over someone's shoulder, or using a camera or binoculars from a distance, to capture passwords, PINs, or other information as it is typed or displayed.
What is dumpster diving?
Searching through trash to find valuable information, such as discarded documents containing personal or corporate information.
What is baiting in social engineering?
Leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim.
What is the definition of malware?
Malicious software designed to infiltrate computer systems and potentially damage them without user consent.
What are the categories of malware?
Viruses, Worms, Trojans, Ransomware, Spyware, Rootkits, and Spam (spam is unsolicited bulk messaging rather than malware in itself, but it is a common delivery channel for malware).
What is a threat vector?
The method used to infiltrate a victim's machine, such as unpatched software or phishing campaigns.
What is an attack vector?
Means by which the attacker gains access and infects the system, combining the infiltration method and infection process.
What are indicators of a malware attack?
Account lockouts, blocked content, inaccessibility, strange email addresses, missing logs, and documented attacks.
What is a computer virus?
Malicious code that runs on a machine without the user's knowledge, allowing the code to infect the computer.
What is a boot sector virus?
A virus stored in the first sector of a hard drive that loads into memory whenever the computer boots up.
What is a macro virus?
A form of code embedded inside another document that executes when the document is opened.
What is a polymorphic virus?
A virus that changes its appearance each time it runs, typically by re-encrypting its body with a new key and mutating the small decryption routine, so signature-based anti-virus sees a different byte pattern on every infection.
What is a metamorphic virus?
A metamorphic virus goes further than a polymorphic one: it rewrites its entire code, not just the decryption routine, before each new infection, so there is no fixed body for a signature to match.
What does the stealth technique in malware refer to?
Stealth is a technique used to prevent the virus from being detected by anti-virus software.
What is an armored virus?
An armored virus has a layer of protection to confuse a program or person analyzing it.
What is a hoax in the context of cybersecurity?
A hoax is a form of technical social engineering that attempts to scare end users into taking undesirable actions on their system.
What are worms in computer security?
Worms are pieces of malicious software, similar to viruses, that can replicate themselves without user interaction and spread throughout a network.
What are the two main reasons worms are dangerous?
1. They can infect workstations and other computing assets. 2. They cause disruptions to normal network traffic due to their constant replication efforts.
What is a Trojan?
A Trojan is a piece of malicious software disguised as harmless or desirable software, claiming it will perform a needed function.
What is a Remote Access Trojan (RAT)?
A RAT is a type of Trojan widely used by attackers to gain remote control of a victim's machine.
What is ransomware?
Ransomware is a type of malicious software designed to block access to a computer system or its data by encrypting it until a ransom is paid.
What are some ways to protect against ransomware?
1. Conduct regular backups. 2. Install software updates regularly. 3. Provide security awareness training to users. 4. Implement Multi-Factor Authentication (MFA).
What should you do if you become a victim of ransomware?
1. Never pay the ransom. 2. Disconnect the infected machine from the network. 3. Notify the authorities. 4. Restore data and systems from known good backups.
What is a botnet?
A botnet is a network of compromised computers or devices controlled remotely by malicious actors.
What is a zombie in the context of a botnet?
A zombie is a compromised computer or device that is part of a botnet, used to perform tasks via remote commands from the attacker.
What is a command and control node?
A command and control node is the computer responsible for managing and coordinating the activities of other nodes or devices within a botnet.
What is a Distributed Denial-of-Service (DDoS) attack?
A DDoS attack occurs when many machines target a single victim and attack them simultaneously.
What is a rootkit?
A rootkit is designed to gain administrative level control over a computer system without being detected.
What is the highest level of permissions account called in a computer system?
The highest level of permissions account is called the Administrator account on Windows and the root account on Linux, UNIX, and macOS.
What is kernel mode?
Kernel mode is when a system operates at the highest permission level (Ring 0), allowing it to control access to device drivers and similar resources.
What technique do rootkits use to hide from detection?
Rootkits hook or replace operating-system components, for example through DLL injection into trusted processes, shimming or replacing drivers, or patching kernel structures, so that the OS itself hides their files, processes, and network connections.
What is a backdoor in computer security?
A backdoor is a way of bypassing normal security and authentication controls. Some are left in programs deliberately by developers (for maintenance or troubleshooting); threat actors also plant them in compromised systems to maintain persistent access.
What is a logic bomb?
A logic bomb is malicious code inserted into a program that executes only when certain conditions are met.
What is a keylogger?
A keylogger is software or hardware that records every keystroke made on a computer or mobile device.
What are the two types of keyloggers?
1. Software keyloggers, which are malicious programs installed on a victim's computer. 2. Hardware keyloggers, which are physical devices that resemble USB drives or are embedded in keyboard cables.
How can organizations protect themselves from keyloggers?
1. Perform regular updates and patches. 2. Use quality antivirus and antimalware solutions. 3. Conduct phishing awareness training. 4. Implement multi-factor authentication. 5. Encrypt keystrokes. 6. Perform physical checks of devices.
What is spyware?
Spyware is malicious software designed to gather and send information about a user or organization without their knowledge.
How can spyware be installed on a system?
Spyware can be installed bundled with other software, through malicious websites, or when users click on deceptive pop-up ads.
What is bloatware?
Bloatware is any software that comes pre-installed on a new device that the user did not specifically request, which can slow down performance and introduce security vulnerabilities.
What is the importance of data protection?
Data protection involves safeguarding information from corruption, compromise, or loss.
What are the states of data?
1. Data at rest 2. Data in transit 3. Data in use.
What is Data Loss Prevention (DLP)?
DLP is a strategy to prevent sensitive information from leaving an organization.
What is the importance of data classification?
Data classification helps allocate appropriate protection resources, prevents over-classification, and requires proper policies for identifying and classifying data accurately.
What are some data protection methods?
1. Disk encryption 2. Communication tunneling 3. Geographic restrictions 4. Hashing 5. Masking 6. Tokenization 7. Obfuscation 8. Segmentation 9. Permission restriction.
What are common indicators of malware attacks?
1. Account lockouts. 2. Concurrent session utilization. 3. Blocked content. 4. Impossible travel. 5. Resource consumption. 6. Resource inaccessibility. 7. Out-of-cycle logging. 8. Missing logs. 9. Published or documented attacks.
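Two of the indicators above, impossible travel and concurrent session utilization, can be computed directly from sign-in logs. The following is an added example for this page, not code from the original deck or from any SIEM or identity product; the log lines are constructed, the speed and session-window thresholds are assumed values, and each source IP's latitude and longitude is carried in the line itself instead of being resolved through a GeoIP database.

```python
"""Flag 'impossible travel' and concurrent-session indicators in sign-in logs.

Added example for this page, not taken from any SIEM or identity product. The
log lines are constructed, and each source IP's latitude/longitude is carried
in the line itself instead of being resolved through a GeoIP database.
"""
import math
from datetime import datetime

# Constructed sample: timestamp user src_ip result lat lon
SAMPLE_LOG = """\
2024-03-01T08:00:00Z alice 203.0.113.10   SUCCESS 40.71 -74.01
2024-03-01T08:45:00Z alice 198.51.100.7   SUCCESS 51.51 -0.13
2024-03-01T09:00:00Z bob   192.0.2.44     SUCCESS 37.77 -122.42
2024-03-01T09:10:00Z bob   192.0.2.44     SUCCESS 37.77 -122.42
2024-03-01T10:00:00Z dave  192.0.2.1      SUCCESS 34.05 -118.24
2024-03-01T10:05:00Z dave  198.51.100.200 SUCCESS 34.05 -118.24
2024-03-01T12:00:00Z carol 203.0.113.99   FAILURE 48.86 2.35
2024-03-01T13:00:00Z carol 203.0.113.99   SUCCESS 48.86 2.35
2024-03-01T15:30:00Z carol 203.0.113.120  SUCCESS 52.52 13.40
"""

MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner ground speed; assumed threshold
SESSION_WINDOW_MIN = 30     # assumed session lifetime for the concurrency check


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        ts, user, ip, result, lat, lon = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "ok": result == "SUCCESS",
            "lat": float(lat), "lon": float(lon),
        })
    return events


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points on Earth, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def detect_indicators(events: list) -> list:
    """Compare each successful sign-in with the same user's previous one."""
    alerts = []
    last_ok = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if not e["ok"]:
            continue                      # failed attempts do not move the user
        prev = last_ok.get(e["user"])
        if prev is not None:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            # Impossible travel: implied speed no human traveller could reach.
            if hours > 0 and km / hours > MAX_PLAUSIBLE_KMH:
                alerts.append((e["user"], "impossible_travel", round(km), round(hours, 2)))
            # Concurrent sessions: a second source IP while the first is still valid.
            if e["ip"] != prev["ip"] and hours * 60 < SESSION_WINDOW_MIN:
                alerts.append((e["user"], "concurrent_session", prev["ip"], e["ip"]))
        last_ok[e["user"]] = e
    return alerts


if __name__ == "__main__":
    for alert in detect_indicators(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, alice's New York to London hop in 45 minutes trips the travel rule, dave's two source addresses five minutes apart trip the concurrency rule, and carol's Paris to Berlin move over two and a half hours is left alone. Real deployments add allow-lists for corporate VPN egress and mobile carrier ranges, which otherwise generate most of the false positives.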
What type of information does 'Confidential' classification include?
Personnel or salary information, trade secrets, intellectual property, source code, etc.
What is the definition of 'Critical' information?
Extremely valuable and restricted information.
What are the Government Classification Levels?
1. Unclassified: Generally releasable to the public. 2. Sensitive but Unclassified (now largely called Controlled Unclassified Information, CUI): Includes medical records, personnel files, etc. 3. Confidential: Unauthorized disclosure could reasonably be expected to cause damage to national security. 4. Secret: Disclosure could cause serious damage; holds data like military deployment plans and defensive postures. 5. Top Secret: Disclosure could cause exceptionally grave damage; the highest level, includes highly sensitive national security information.
What are legal requirements for data retention?
Depending on the organization's type, there may be legal obligations to maintain specific data for defined periods.
What should organizational documentation outline regarding data?
Organizational policies should clearly outline data classification, retention, and disposal requirements.
Why is it important to understand data classifications?
Understanding data classifications and their proper handling is vital for protecting sensitive information and complying with relevant regulations.
What is the process of Data Ownership?
Identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets.
Who is a Data Owner?
A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls.
What role does a Data Controller play?
Entity responsible for determining data storage, collection, and usage purposes and methods, as well as ensuring the legality of these processes.
What is a Data Processor?
A group or individual hired by the data controller to assist with tasks like data collection and processing.
What is the focus of a Data Steward?
Focuses on data quality and metadata, ensuring data is appropriately labeled and classified, often working under the data owner.
What does a Data Custodian do?
Responsible for managing the systems on which data assets are stored, including enforcing access controls, encryption, and backup measures.
What is the role of a Privacy Officer?
Oversees privacy-related data, such as personally identifiable information (PII), sensitive personal information (SPI), or protected health information (PHI), ensuring compliance with legal and regulatory frameworks.
Who should the Data Owners be according to the data ownership responsibility?
Data owners should be individuals from the business side who understand the data's content and can make informed decisions about classification.
Why is proper data ownership essential?
Proper data ownership is essential for maintaining data security, compliance, and effective data management within an organization.
What are the data states?
1. Data at Rest: Data stored in databases, file systems, or storage systems, not actively moving. 2. Data in Transit: Data actively moving from one location to another, vulnerable to interception. 3. Data in Use: Data actively being created, retrieved, updated, or deleted.
What is Full Disk Encryption (FDE)?
Encrypts the entire hard drive.
What is Partition Encryption?
Encrypts specific partitions, leaving others unencrypted.
What is File Encryption?
Encrypts individual files.
What is Volume Encryption?
Encrypts an entire logical volume (a container or partition holding a set of files and directories) as one unit; unlike file encryption, every file placed on that volume is protected automatically.
What is Database Encryption?
Encrypts data stored in a database at column, row, or table levels.
What is Record Encryption?
Encrypts specific fields within a database record.
What is Transport Encryption?
Methods used to secure data in transit, primarily TLS (Transport Layer Security). Its predecessor SSL (Secure Sockets Layer) is deprecated and should be disabled in favor of TLS 1.2 or 1.3.
What is a VPN?
Virtual Private Network creates secure connections over less secure networks like the internet.
What is IPSec?
Internet Protocol Security secures IP communications by authenticating and encrypting IP packets.
What are protection measures for Data in Use?
Encryption at the application level, access controls restricting access to data during processing, and secure enclaves for processing sensitive data.
What is Regulated Data?
Data controlled by laws, regulations, or industry standards, such as GDPR and HIPAA.
What is PII?
Personally Identifiable Information, information used to identify an individual, e.g., names, social security numbers, addresses.
What does PHI stand for?
Protected Health Information, which is information about health status, healthcare provision, or payment linked to a specific individual.
What are Trade Secrets?
Confidential business information giving a competitive edge, such as manufacturing processes, marketing strategies, or proprietary software.
What is Intellectual Property (IP)?
Creations of the mind, such as inventions, literary works, and designs, protected by patents, copyrights, and trademarks.
What is Legal Information?
Data related to legal proceedings, contracts, and regulatory compliance requiring high-level protection for client confidentiality and legal privilege.
What is Financial Information?
Data related to financial transactions, targeted by cybercriminals for fraud and identity theft, and subject to PCI DSS.
What is Human-Readable Data?
Data that is understandable directly by humans, such as text documents and spreadsheets.
What is Non-Human-Readable Data?
Data that requires machine or software to interpret, such as binary code.
What is Data Sovereignty?
Digital information subject to the laws of the country where it is located.
What does GDPR stand for?
General Data Protection Regulation, the EU law governing the processing of personal data of individuals in the EU and EEA; it applies to any organization, inside or outside the EU, that processes such data.
What is a challenge for multinational companies regarding Data Sovereignty?
Data sovereignty laws may require that certain data be stored and processed within national borders, which constrains where a multinational company can host, replicate, and back up that data.
What is Geofencing?
Virtual boundaries to restrict data access based on location, ensuring compliance with data sovereignty laws.
What is encryption?
Transforming plaintext into ciphertext using algorithms and keys to protect data at rest and in transit.
What is hashing?
Converts data into fixed-size hash values, an irreversible one-way function commonly used for password storage.
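Using a hash for password storage only works when each password gets its own random salt and the function is deliberately slow. The following is an added example written for this page, not code from the original deck or from any framework; it uses only the standard library, and the iteration count is an assumed value in the range current guidance recommends for PBKDF2-HMAC-SHA256.

```python
"""Salted, iterated password hashing with a constant-time check.

Added example for this page; not taken from any framework's documentation.
Standard library only. The work factor is an assumed value in the range
current guidance recommends for PBKDF2-HMAC-SHA256; tune it to your hardware.
"""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000          # assumed work factor for PBKDF2-HMAC-SHA256
PREFIX = "pbkdf2_sha256"


def unsalted_sha256(password: str) -> str:
    """What NOT to do: identical passwords give identical hashes, so a
    precomputed (rainbow) table or a single cracked hash exposes every
    user who chose that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)                     # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([PREFIX, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time
    so the comparison itself leaks nothing about how many bytes matched."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != PREFIX:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)
```

Storing the iteration count in the record lets you raise the work factor later and re-hash users transparently at their next successful login. Where a memory-hard function is available (scrypt, Argon2id), prefer it over PBKDF2.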
What is masking?
Replacing some or all data with placeholders, partially retaining metadata for analysis, and serving as an irreversible de-identification method.
What is tokenization?
Replacing sensitive data with non-sensitive tokens while storing the original data securely.
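The difference between the two cards above is reversibility: a masked value can never be turned back into the original, while a token can, but only by whoever holds the vault. The following is an added example for this page, not code from the original deck or from any payment or data-protection product; the vault is an in-memory dictionary standing in for a real token service, and the card number is a well-known non-live test value.

```python
"""Masking (irreversible) next to tokenization (reversible only via the vault).

Added example for this page, not from any payment or data-protection product.
The vault is an in-memory dict standing in for a real token service, and the
card numbers are the constructed test values shown below.
"""
import re
import secrets


def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Replace all but the last digits with '*'. Nothing here can be undone:
    the masked value retains only the format and the visible tail."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


class TokenVault:
    """Maps sensitive values to random tokens and back.

    The token carries no information about the value; the only way back is a
    lookup in the vault, which is why access to the vault must be tightly
    controlled, logged, and kept out of the systems that handle tokens.
    """

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value: str) -> str:
        # Return the same token for the same value so tokenized data sets can
        # still be joined on that column (a design choice; some vaults issue a
        # fresh token on every call instead).
        if value in self._by_value:
            return self._by_value[value]
        token = "tok_" + secrets.token_urlsafe(16)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only vault-privileged code may call this."""
        return self._by_token[token]


# Constructed test value (a well-known non-live card test number).
SAMPLE_PAN = "4111 1111 1111 1111"

if __name__ == "__main__":
    vault = TokenVault()
    print(mask_pan(SAMPLE_PAN))              # for receipts and support screens
    tok = vault.tokenize(SAMPLE_PAN)         # what downstream systems store
    print(tok, vault.detokenize(tok) == SAMPLE_PAN)
```

The practical consequence is scope: systems that only ever see tokens or masked values fall outside most of the controls a standard such as PCI DSS imposes on systems that handle the real number.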
What is obfuscation?
Making data unclear or unintelligible using various techniques.
What is Data Loss Prevention (DLP)?
Aims to monitor data in use, in transit, or at rest to detect and prevent data theft.
What are the types of DLP Systems?
1. Endpoint DLP System: Installed as software on workstations; monitors data in use. 2. Network DLP System: Monitors data entering and leaving the network. 3. Storage DLP System: Inspects data at rest. 4. Cloud-Based DLP System: Protects data stored in cloud services.
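Whatever its placement, a DLP system works by inspecting content against rules. The following is an added example for this page, not code from the original deck or from any DLP product, showing the shape of one such rule: a regular expression finds candidate payment card numbers and a Luhn check discards the false positives such as order or ticket numbers. The messages are constructed.

```python
"""Content-inspection rule of the kind a network or endpoint DLP system applies.

Added example for this page; it is not code from any DLP product. A regex finds
candidate payment card numbers (PANs) and a Luhn check discards false positives
such as order or ticket numbers. The messages below are constructed.
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, and not part
# of a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """ISO/IEC 7812 check-digit validation used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return candidate card numbers (digits only) that pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def dlp_verdict(message: str) -> tuple:
    """Policy decision a network DLP would make for one outbound message."""
    pans = find_pans(message)
    return ("BLOCK", pans) if pans else ("ALLOW", [])


# Constructed outbound messages.
MESSAGES = [
    "Please charge card 4111 1111 1111 1111 for ticket 12345678901234.",
    "Invoice 2024-000123 attached, PO number 9876543210.",
    "Backup card: 5555-5555-5555-4444",
]

if __name__ == "__main__":
    for msg in MESSAGES:
        print(dlp_verdict(msg), msg)
```

The ticket number in the first message is fourteen digits long and matches the regex, but fails the Luhn check and is ignored; without that second step the rule would block a large share of legitimate mail. Production rules add keyword context ("card", "CVV", "exp") and per-channel thresholds for the same reason.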
What is Cryptography?
Practice and study of writing and solving codes, specifically, encryption to hide information's true meaning.
What is symmetric encryption?
Uses the same key for encryption and decryption.
What is asymmetric encryption?
Uses a pair of keys for encryption and decryption.
What is the importance of key rotation?
Replacing keys on a schedule limits how much data is protected under any one key and bounds the exposure if a key is compromised; it also provides a routine path for retiring weak or suspected keys.
What are the symmetric algorithms mentioned?
DES, Triple DES, IDEA, AES, Blowfish, Twofish, Rivest Cipher.
What is a Hash Function?
Converts data into a fixed-size string digest.
What is Public Key Infrastructure (PKI)?
Framework managing digital keys and certificates for secure data transfer.
What is a Digital Certificate?
Electronic credentials verifying entity identity for secure communications.
What is Blockchain?
Decentralized, immutable ledger ensuring data integrity and transparency.
What are cryptographic attacks?
Downgrade attacks, collision attacks, and threats from quantum computing.
What is the hybrid approach in encryption?
Combines both symmetric and asymmetric encryption for optimal benefits.
What is a stream cipher?
Encrypts data bit-by-bit or byte-by-byte in a continuous stream.
What is a block cipher?
Breaks input data into fixed-size blocks before encryption.
What is the DES (Data Encryption Standard)?
Uses a 56-bit key (64 bits including 8 parity bits) and encrypts data in 64-bit blocks through 16 rounds of substitution and transposition; the key space is small enough to brute-force, so DES is obsolete.
What is AES (Advanced Encryption Standard)?
Replaced DES and 3DES as the US government encryption standard; uses a 128-bit block size and supports 128-bit, 192-bit, or 256-bit keys.
What is the difference between symmetric and asymmetric encryption?
Symmetric uses a single key for both encryption and decryption; asymmetric uses two separate keys.
What is the function of the public key in asymmetric encryption?
Used for encryption (and for verifying digital signatures); it can be shared freely.
What is the function of the private key in asymmetric encryption?
Used for decryption (and for creating digital signatures); it must be kept secret.
What is the process of creating a Digital Signature?
1. Create a hash digest of the message. 2. Encrypt (sign) the hash digest with the sender's private key; this is the signature. 3. Optionally, if confidentiality is also required, encrypt the signed message with the receiver's public key. The receiver hashes the message, decrypts the signature with the sender's public key, and compares the two digests.
What are the key benefits of using Digital Signatures?
Ensures message integrity, sender authentication, and non-repudiation. A signature by itself does not provide confidentiality; the message must also be encrypted for that.
What is Diffie-Hellman used for?
Key exchange and secure key distribution.
What are the vulnerabilities associated with Diffie-Hellman?
Unauthenticated Diffie-Hellman is vulnerable to man-in-the-middle attacks: an attacker can run a separate exchange with each party and relay traffic between them. The exchanged public values must be authenticated (for example with digital signatures or certificates, as TLS does).
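An added example (not part of the flashcard deck) showing the Diffie-Hellman exchange from both sides, the man-in-the-middle substitution that the card warns about, and one way to authenticate the public values. The group parameters are a toy (p = 2^127 - 1, g = 3) chosen only so the code runs quickly; real deployments use a standardized 2048-bit or larger group or an elliptic-curve group. The authenticator here is an HMAC over a constructed pre-shared key, which is an assumption for the example; TLS uses certificates and signatures instead.

```python
import hashlib
import hmac
import secrets

# Toy group: p is prime but far too small for real use; g = 3 is a convenient base.
P = (1 << 127) - 1
G = 3

# Assumption for the example: Alice and Bob already share this secret out of band.
PSK = b"constructed pre-shared key, demo only"


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(private, peer_public) -> bytes:
    """Shared secret (peer_public)^private mod p, hashed down to a 256-bit key."""
    if not 2 <= peer_public <= P - 2:          # reject 0, 1 and p-1 (trivial subgroups)
        raise ValueError("invalid peer public value")
    return hashlib.sha256(pow(peer_public, private, P).to_bytes(16, "big")).digest()


def honest_exchange():
    """Alice sends g^a, Bob sends g^b; both derive g^(ab)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared(a_priv, b_pub), dh_shared(b_priv, a_pub)


def mitm_exchange():
    """Mallory swaps in her own public value on both legs, so Alice and Bob each
    end up sharing a key with Mallory rather than with each other."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    alice_key = dh_shared(a_priv, m_pub)         # Alice received m_pub, not b_pub
    bob_key = dh_shared(b_priv, m_pub)           # Bob received m_pub, not a_pub
    mallory_with_alice = dh_shared(m_priv, a_pub)
    mallory_with_bob = dh_shared(m_priv, b_pub)
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


def authenticate(public_value: int, psk: bytes = PSK) -> bytes:
    """Tag a public value with HMAC-SHA256 under the pre-shared key."""
    return hmac.new(psk, public_value.to_bytes(16, "big"), "sha256").digest()


def accept(public_value: int, tag: bytes, psk: bytes = PSK) -> bool:
    return hmac.compare_digest(authenticate(public_value, psk), tag)


def authenticated_exchange(tamper: bool = False):
    """Returns (alice_key, bob_key), or None if Bob rejects Alice's public value."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    sent_pub, tag = a_pub, authenticate(a_pub)
    if tamper:
        _, m_pub = dh_keypair()
        sent_pub = m_pub            # Mallory can replace the value but cannot forge the tag
    if not accept(sent_pub, tag):
        return None                 # Bob aborts the handshake
    return dh_shared(a_priv, b_pub), dh_shared(b_priv, sent_pub)
```

The point of `mitm_exchange` is that neither party notices anything wrong: both computations succeed, only with the wrong partner. Authentication of the public values is what closes the gap.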
What is RSA and who invented it?
RSA is an algorithm for key exchange, encryption, and digital signatures invented by Ron Rivest, Adi Shamir, and Leonard Adleman.
What is the mathematical basis of RSA?
Relies on the mathematical difficulty of factoring the product of two large prime numbers.
What are the key sizes supported by RSA?
Supports key sizes from 1024 to 4096 bits; 1024-bit keys are deprecated, and 2048 bits is the minimum recommended today.
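An added example (not from the flashcard deck) that ties together the RSA cards, the public/private key roles, the digital-signature steps, and the hybrid approach: the sender signs a digest with the private key, a random session key encrypts the message, and the recipient's public key wraps the session key. Everything here is a toy built from the standard library only: the RSA primes are fixed Mersenne primes (an assumption for the example; real keys use random primes of equal size, padding such as PSS/OAEP, and a vetted library), and the "stream cipher" is SHA-256 in counter mode standing in for AES-CTR.

```python
import hashlib
import secrets

# Toy RSA primes, NOT for real use. They are large enough (~648-bit modulus)
# that a full SHA-256 digest and a 128-bit session key fit under n.
TOY_P = (1 << 127) - 1
TOY_Q = (1 << 521) - 1
PUBLIC_EXPONENT = 65537


def modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    assert r0 == 1, "e and phi(n) must be coprime"
    return s0 % m


def rsa_keygen(p: int = TOY_P, q: int = TOY_Q, e: int = PUBLIC_EXPONENT):
    """Returns ((n, e), (n, d)): public key, private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))


def rsa_sign(private_key, message: bytes) -> int:
    """Step 1: hash the message. Step 2: 'encrypt' the digest with the private key."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Decrypt the signature with the public key and compare with a fresh digest."""
    n, e = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == expected


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = SHA-256(key || i), XORed with the data.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)


def hybrid_encrypt(recipient_public, sender_private, message: bytes):
    """Sign with the sender's private key, encrypt the message with a random
    session key, and wrap the session key with the recipient's public key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)                     # 128-bit symmetric key
    signature = rsa_sign(sender_private, message)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, stream_xor(session_key, message), signature


def hybrid_decrypt(recipient_private, sender_public, wrapped_key, ciphertext, signature):
    """Unwrap the session key with the private key, decrypt, then verify the signature."""
    n, d = recipient_private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    message = stream_xor(session_key, ciphertext)
    if not rsa_verify(sender_public, message, signature):
        raise ValueError("signature check failed: message altered or wrong sender")
    return message


def demo() -> bytes:
    alice_pub, alice_priv = rsa_keygen()
    # Bob gets different toy primes; two keys sharing a prime would be trivially factorable.
    bob_pub, bob_priv = rsa_keygen((1 << 89) - 1, (1 << 607) - 1)
    msg = b"transfer 100 to account 42"                       # constructed sample message
    wrapped, ct, sig = hybrid_encrypt(bob_pub, alice_priv, msg)
    return hybrid_decrypt(bob_priv, alice_pub, wrapped, ct, sig)
```

The asymmetric operations touch only a digest and a 16-byte key; the bulk data goes through the fast symmetric cipher, which is the whole reason for the hybrid design.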
What is Elliptic Curve Cryptography (ECC)?
A method that is efficient and secure, using the algebraic structure of elliptic curves.
Where is ECC commonly used?
Commonly used in mobile devices and low-power computing.
How much more efficient is ECC compared to RSA for equivalent security?
ECC reaches comparable security with much smaller keys (per NIST SP 800-57, a 256-bit ECC key is comparable to a 3072-bit RSA key), which the course summarizes as roughly six times more efficient.
What are the variants of ECC?
ECDH (Elliptic Curve Diffie-Hellman), ECDHE (Elliptic Curve Diffie-Hellman Ephemeral), and ECDSA (Elliptic Curve Digital Signature Algorithm).
What is Hashing?
A one-way cryptographic function that produces a fixed-length message digest from an input of any length; any change to the input changes the digest, and the input cannot be recovered from the digest.
What is a Hash Digest?
A hash digest is like a digital fingerprint for the original data, always of the same length regardless of the input's length.
What is MD5?
MD5 is a hashing algorithm that creates a 128-bit hash value.
What are the vulnerabilities of MD5?
Its 128-bit output is short, and practical collision attacks exist (two different inputs with the same digest can be generated cheaply), so MD5 must not be used for signatures, certificates, or any other security-critical application.
What does SHA stand for?
Secure Hash Algorithm Family.
What does SHA-1 produce?
A 160-bit hash digest. It was designed to be more collision-resistant than MD5, but a practical collision was demonstrated in 2017 (SHAttered), so SHA-1 is also deprecated for security use.
What are the different versions of SHA-2?
SHA-224, SHA-256, SHA-384, SHA-512.
What does SHA-3 offer?
Offers 224-bit to 512-bit hash digests. It is built on the Keccak sponge construction (24 rounds of the Keccak-f permutation), a design unrelated to SHA-2, so a break of SHA-2 would not automatically apply to SHA-3.
What is RIPEMD?
RACE Integrity Primitives Evaluation Message Digest, available in 128-bit, 160-bit, 256-bit, and 320-bit versions; RIPEMD-160 is the most commonly used.
What is HMAC?
Hash-based Message Authentication Code that checks message integrity and authenticity.
What are the characteristics of Digital Signatures?
Uses a hash digest encrypted with a private key; verifies integrity of the message and ensures non-repudiation.
What is the Digital Security Algorithm (DSA)?
The Digital Signature Algorithm (DSA), a federal standard (FIPS 186) used for digital signatures; it was originally specified with SHA-1, producing a 160-bit message digest, and FIPS 186-5 no longer approves it for generating new signatures.
What is the Pass the Hash Attack?
A hacking technique allowing the attacker to authenticate to a remote server using the underlying hash of a user's password.
What is a Birthday Attack?
An attack that exploits the birthday paradox: for an n-bit digest, two different messages with the same hash (a collision) can be found in roughly 2^(n/2) attempts rather than 2^n, so a hash function's collision resistance is only half its output length.
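An added example (not from the flashcard deck) that runs a birthday search against a truncated SHA-256 output. Truncating to 32 bits is an assumption made so the search finishes in well under a second; the same loop against the full 256-bit digest would take about 2^128 attempts. The messages are constructed counters, nothing more.

```python
import hashlib
import math


def truncated_digest(data: bytes, bits: int) -> int:
    """The first `bits` bits of SHA-256, modelling a short hash output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def expected_attempts(bits: int) -> float:
    """Expected number of hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int = 32, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, attempts). Instead of searching for a
    preimage of one fixed digest (about 2^bits work), we store every digest
    seen and stop at the first repeat, which needs only about 2^(bits/2) work.
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        h = truncated_digest(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1
```

For 32 bits the expected cost is about 82,000 hashes, not 4 billion; that ratio is why an n-bit hash is credited with only n/2 bits of collision resistance, and why 128-bit MD5 (64-bit collision strength) is inadequate.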
What is Key Stretching?
A technique that makes a weak key or password harder to brute-force by running it through a deliberately slow, iterated function (e.g., PBKDF2, bcrypt, scrypt, Argon2) to derive a longer key of at least 128 bits; every guess then costs the attacker the same amount of work.
What is Salting in hashing?
Adding random data to passwords before hashing to ensure distinct hash outputs for the same password.
What does PKI stand for?
Public Key Infrastructure.
What are the components of PKI?
An entire system involving hardware, software, policies, procedures, and people based on asymmetric encryption.
What is the purpose of a Digital Certificate?
Digitally signed electronic documents that bind a public key with a user's identity.
What is a Wildcard Certificate?
Allows multiple subdomains to use the same certificate, making management easier; *.example.com covers www.example.com but not example.com itself or a.b.example.com. The trade-off is that a compromise of the one private key affects every subdomain.
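An added example (not from the flashcard deck) of the hostname check a TLS client performs against a wildcard certificate's subject name, following the RFC 6125 rules that browsers apply: the wildcard must be the entire left-most label, it matches exactly one label, and it may not cover a whole top-level domain.

```python
def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Does a certificate's DNS name (possibly '*.example.com') cover hostname?"""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    host_labels = hostname.split(".")
    if not all(host_labels):                     # reject empty labels such as '.example.com'
        return False
    if "*" not in cert_name:
        return cert_name == hostname             # exact (single-name) certificate
    cert_labels = cert_name.split(".")
    if cert_labels[0] != "*" or any("*" in lbl for lbl in cert_labels[1:]):
        return False                             # 'w*.example.com' and 'a.*.com' rejected, as browsers do
    if len(cert_labels) < 3:
        return False                             # '*.com' would match every .com host
    return len(host_labels) == len(cert_labels) and host_labels[1:] == cert_labels[1:]
```

The one-label rule is the practical consequence of the card: a wildcard for `*.example.com` does not cover deeper names, so each additional level needs its own certificate or its own wildcard.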
What is the difference between Single-Sided and Dual-Sided Certificates?
Single-sided only requires the server to be validated, while dual-sided requires both server and user to validate each other.
What is a Root of Trust?
The highest level of trust in certificate validation, provided by trusted third-party providers.
What is a Certificate Authority (CA)?
A trusted third party that issues digital certificates and validates them.
What is the purpose of a Certificate Signing Request (CSR)?
A block of encoded text with information about the entity requesting the certificate, including the public key.
What is the Certificate Revocation List (CRL)?
A list maintained by CAs of all digital certificates that have been revoked.
What is Online Certificate Status Protocol (OCSP)?
Determines the revocation status of any digital certificate using the certificate's serial number.
What is Public Key Pinning?
Allowed an HTTPS website to resist impersonation by telling browsers which public keys to accept for it (HTTP Public Key Pinning, HPKP). Browsers have since removed HPKP support because a misconfigured pin could lock users out of a site; key pinning is now used mainly inside mobile applications.
What are Encryption Tools for Data Security?
TPM (Trusted Platform Module), HSM (Hardware Security Module), and Key Management System.
What does a Trusted Platform Module (TPM) do?
Protects digital secrets through integrated cryptographic keys and is used in BitLocker drive encryption.
What is a Hardware Security Module (HSM)?
A physical device for safeguarding and managing digital keys, ideal for mission-critical scenarios.
What is a Secure Enclave?
A coprocessor integrated into the main processor that is isolated for secure data processing.
What is the Blockchain?
A shared immutable ledger for transactions and asset tracking, widely associated with cryptocurrencies.
What are Smart Contracts?
Self-executing contracts with code-defined terms that execute actions automatically when conditions are met.
What does Decentralization in Blockchain refer to?
Eliminates the need for central authorities and empowers peer-to-peer networks.
What is a Digital Evolution in context with Blockchain?
Blockchain's potential to reshape traditional systems and offer transparency, efficiency, and trust.
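An added example (not from the flashcard deck) of the mechanism behind the "immutable ledger" cards: each block carries the hash of the previous block, so changing any record changes every hash after it. The records are constructed sample transactions. Hash chaining by itself only detects tampering; what stops a tamperer from simply recomputing the whole chain is that the ledger is replicated across many participants who must agree on it (consensus), which this example does not model.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64       # the first block points at nothing


def block_hash(index: int, prev_hash: str, data) -> str:
    """Hash the block's position, its link to the previous block, and its data.
    sort_keys makes the serialization canonical so equal data hashes equally."""
    payload = json.dumps({"i": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(records):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        h = block_hash(i, prev, data)
        chain.append({"index": i, "prev_hash": prev, "data": data, "hash": h})
        prev = h
    return chain


def verify_chain(chain):
    """Index of the first inconsistent block, or None if the chain is intact."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev:
            return block["index"]
        if block_hash(block["index"], prev, block["data"]) != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None


SAMPLE_RECORDS = [                        # constructed sample transactions
    {"from": "alice", "to": "bob", "amount": 5},
    {"from": "bob", "to": "carol", "amount": 2},
]


def tamper_demo() -> int:
    """Edit an old record in place: its stored hash no longer matches."""
    chain = build_chain(SAMPLE_RECORDS)
    chain[0]["data"] = dict(chain[0]["data"], amount=500)
    return verify_chain(chain)            # -> 0


def tamper_and_rehash_demo() -> int:
    """Edit the record AND recompute its hash: the next block's link now breaks,
    so the attacker would have to rewrite every later block too."""
    chain = build_chain(SAMPLE_RECORDS)
    chain[0]["data"] = dict(chain[0]["data"], amount=500)
    chain[0]["hash"] = block_hash(0, GENESIS_PREV, chain[0]["data"])
    return verify_chain(chain)            # -> 1
```

The second demo is the reason the integrity guarantee grows with chain length: every block after the altered one must be regenerated, and on a distributed ledger every other participant still holds the original.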