TestOut Security Pro // CompTIA Security+ – Flashcards

The ability to permit or deny the privileges that users have when accessing resources on a network or computer.

Objects, subjects and system.

Data, applications, systems, networks and physical space.

Users, applications or processes that need access to an object.

The access control system includes the policies, procedures, and technologies, that're implemented to control a subject's access to an object.

Identifies the subject. Examples include a username or a user ID number.

The process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid.

The granting or denying a subject's access to an object based on the level of permissions or the actions allowed on the object.

Maintaining a record of a subject's activity within the information system.

Authentication. authorization and auditing.

Defines the steps & measures that are taken to control access to objects by subjects.

Deter intrusion or attacks.

Search for details about the attack or the attacker

Implement short-term repairs to restore basic functionality following an attack

Discourage continued or escalations of attacks during an attack

Restore the system to normal operations after the attack and short-term stabilization period.

Alternatives to primary access controls

Policies that describe accepted practices.

Computer Mechanisms that restrict access.

Restricts physical access

Example of a technical access control system that you use to manage and enforce access control policies.

MAC uses labels or attributes for both subjects and objects. Any operation by any subject on any object will be tested against a set of authorization rules to determine if the operation is allowed.

Assigned to objects by the owner

Assigned to subjects

Unstructured, local user accounts.

Allows you to sort and organize your user accounts by location, function and department. Allows you to replicate it.

Organization, delegation of administrator responsibilities, and replication.

A directory service that uses a hierarchical database to store user accounts.

Resources. (They can represent network resources, like printers.)

Security Principals, including users, computers and groups.

Every active directory object has attributes that're populated with values.

A list of attributes. Attributes from these lists are glued together to compose an object.

What types of objects can reside within other objects?

Objects within a single domain being organized into OU's.

Objects are grouped together into a domain, usually denoted by a triangle. Domains are identified by their DNS Namespace.

A collection of one or more domains that exsist within the same DNS Namespace.

Lets us have other users over

A collection of trees that share a common global catalog and a common directory schema.

You can have users with the exact same names, as long as they're in different domains.

Every user needs a unique name.

Holds a copy of the Active Directory database.

When a server joins the Active Directory domain, it becomes a member, but it doesn't have a copy of the domain database.

A form of cryptography that provides confidentiality with a weak form of authentication or integrity. It uses only one key to encrypt & decrypt data.

Involves manually distributing the key.

Uses mechanisms such as the following to distribute the key: Use of a key distribution algorithm or Asymmetric technology to encrypt key for distribution

Typically short, ranging from 56-bits to 512-bits.

Encrypts by transposing plain text in chunks (block-by-block). Fast; Process large amounts of data.

Data going through one substitution and transposition process.

Initialization Vector

Encryption is performed on each bit within the stream in real time. Slow; Process small amounts of data.

A sequence of bits which is used for encryption.

Produces long streams of bits with no patterns.

The most frequently used symmetric-key stream ciphers. 256bit & is used with WEP and SSL. Uses KSA and PRGA.

Original rules for encoding abstract info into a concrete data stream. Specifies a set of self-identifying & self-delimiting schemes which allow each data value to be identified, extracted & decoded individually.

Initialization Vector

Ron's Code v4 or Ron's Cipher v4

Basic Encoding Rules

Ron's Code v2 or Ron's Cipher v2

Ron's Code v5 or Ron's Cipher v5

International Data Encryption Algorithm

Pretty Good Privacy

Proposed Encryption Standard

Data Encryption Standard

Electronic Code Book

Cipher Block Chaining

Output Feedback

Cipher Feedback

Triple DES

Advanced Encryption Standard

Advanced RISC Machine

WiFi Protected Access 2

Keyed-hash Message Authentication Code

A function that takes a variable-length string, compresses it and transforms it into a fixed-length value.

Developed by RSA. Generates 128 bits.

Developed by NIST and NSA. Generates 160 bits.

Developed by COSIC. Generates 128, 160, 256, or 320 bits.

The downloaded file is complete, not corrupted whilst downloading, same as original and not virus-ridden.

The password is used as the key to perform a hash on a challenge text value, and only the hashed value is passed... not the password. The receiving host use the same method to compare.

A small change in the message results in a big change in the hashed value.

Two different messages produce the same hash value.

A hash algorithm's ability to avoid the same output from two guessed inputs.

A brute force attack where the attacked hashes messages until one with the same hash is found.

Open Systems Interconnection is a theoretical, 7-layer construct to explain how networking works.

Sets standards for sending and receiving electrical signals between devices.

Defines rules and procedures for hosts as they access the Physical layer, including how multiple nodes share and coordinate the use of the same physical segment of the network.

Describes how data is routed across networks and on to the destination.

TCP and UDP. Provides transition between upper and lower layers of OSI, making them transparent to each other.

Manages sessions in which data is transferred.

Presents data into compatible form.

Integrates network functionality into OS. (For example: proxy firewall, gateway services, etc)

Contain the MAC address and performs at Data Link layer.

Reliable data transmissions

Provides services that ensure accurate and timely delivery of network communications between two hosts. TCP is connection-oriented.

Provides services of network communications between two hosts. UDP is connectionless.

Operates at Data Link layer by reading the MAC address in a frame to make forwarding decisions.

serial signaling

modem signaling

cable specifications

connector specifications

A 32-bit binary number between 0 and 255, represented as four octets (four 8-bit numbers.)

Layer 3 address that is logically assigned to a host.

Layer 2 address that's physically assigned in the firmware of the NIC.

32-bit number associated with each IPv4 address

1.0.0.0 to 126.255.255.255

128.0.0.0 to 191.255.255.255

192.0.0.0 to 223.255.255.255

224.0.0.0 to 239.225.225.225

240.0.0.0 to 255.255.255.255

Translates multiple private addresses into the single registered IP address.

128-bit binary number

The first 64-bits.

Identifies the number of bits in the relevant portion of the prefix

The last 64-bits.

A program that attempts to damage a computer system and replicate itself to other computer systems.

A file that the virus uses as a host.

The virus only replicates when the activation mechanism is triggered.

The virus is programmed with this, which is usually to destroy, compromise, or corrupt data.

A virus that resides in a low-level system service functions where they intercept system requests and alter service outputs their presence.

A virus that is a combination of multiple attacks.

A virus that takes advantage of application programs that use macros to automate repetitive functions.

Process of counseling messages

Process of hiding messages

Readable Message

Unreadable message

Person who develops a converting plan

Recovering original data that has been encrypted w/o key

Associated items of cryptographic

Study of cryptography and cryptanalysis

Variable in a cipher used to encrypt/decrpt a message

Process or formula used to convert a message into its meaning

Changes the position of characters in the plain text

Replaces one set of characters with symbols or another character set

Hidden words with unrelated terms

Method in which the plain text is converted to binary and combined with a string of randomly generated binary numbers

Process of using an algorithm to transform data from plain text to cipher text

Procedure used to convert data from cipher text into plain text

Uses a series of photons to encrypt and send messages

Seed value used in encryption

Retrieve as much info as possible

Attacker tries every known key combination

Exploits a structural weakness in the algorithms

Exploits weakness in the design of a cryptosystem

Occurs when different keys produce the same cuphertext

Attacker gets between two communicating parties

Uses known words and common variations

Attack attempts to trick a user into accepting a fake or spoofed certificate

Tries to exploit information about the physical implementation f a cryptosystem

Users must prove that they are who they say they are

Password only valid for a set time

Remember passwords so the user can't re-use passwords

Harder passwords

Let the user be able to admin their passsword

Disables a user account after a specified number of incorrect logon attempts

Number of incorrect logon attempts that are allowed before the account is locked

Allow login only during certain days/hours, only from specific computers

Control the composition and use of passwords

Enable account lockout

Account will be locked after 9 incorrect attempts

Users cannot change the password for 2 days.

Prevents using passwords that are easy to guess or easy to crack

Forces users to change the password after the specified time interval

Prevent users from changing passwords too soon

Group Policy Object

Machine Policies

Local Group Policy, GPOs Linked to the domain, GPOs linked to the OU

Only the location it is applied to

Built-In Containers

Object that identifies a set of users with similar access needs

Process of controlling access to resources

DACL

Implementation of discretionary access control

SACL

Used by Microsoft for auditing to identify past actions performed by users on an object

Object that can be given permission to an object

Access rights are cumulative

Always override Allow permissions

Access to more than one entity

Sophistication - Complication of attacks Proliferation - Volume of attacks Scale & Velocity - Size of attacks

Integrity keeps the item fully in-tack and not messed with, non-repudiation always givens authentication

Encryption

Confidentiality Integrity Availability

Authentication

Reduce the risk for an attack

Employee Spy Hacker

Mandatory Access Control

Discretionary Access Control

Role-Based Access Control

Rule Set-Based Access Control

Authentication, Authorization, Accounting

Federated Access Control

Data, application, systems, networks, physical space

Users, applications, processes.

Needs access to objects

Identifies the subject

Validating a subject identity

Granting or denying a subject access

Maintaining a record of a subject's activity

Maintaining a record of a subject's activity

Deter intrusion or attacks

Search for details about the attack or the attacker

Implement short-term repairs to restore basic functionality following an attack

Discourage continued or escalations of attacks during an attack

Restore the system to normal operations after the attack

Policies that describe accepted practices

Computer mechanisms that restrict access

Restrict physical access

Labels or attributes for subjects and objects

Assigns access directly to subject based on decision of the owner. Manages access using identity

Allows access based on a role in an organization

Characteristics of objects or subjects along with rules, to restrict access

Matrix of access control objects, subjects, and their associated rights

Provide an interface for implementing an ACL

TRBAC

Allows for role-based access control rules to only be in effect fora certain time period

Prevents users from determining the read/white/execute rights for a file

CDAC

Protects databases that contains sensitive information from a breach of privacy

CBAC

Mostly used to expand the decision-making capabilities of a firewall application

VBAC

Type of constrained user interface used to control a subject's access

Keep secrets a secret

Ensures that information is not corrupted or altered

Arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group

TBAC

Individual work tasks assign privileges

No write down

Controlled intermediary access applications that prevent direct access to the back-end database

Prevent conflicts of interest by dynamically adjusting access based on current activity

Users/Groups are only given access to what they need for their job, nothing more

Only allowed access if you need to know/use

Having more than one person to complete a task

Users are denied access unless they have been granted access

Identifies users who are not allowed access

Staff are cross trained in different areas

Layered defenses at each level.

Deter intrusion or attacks

Process of cleaning a devices by having all data removed

Escalation of privilege