5.1 Security+ Knowledge Assessment Flashcard

Role-Based Access Control (RBAC) is designed around the principles of least privilege and separation of duties, ensuring users have only the access necessary for their roles, thus enhancing security.

HTTPS (Hypertext Transfer Protocol Secure) is the protocol used to secure web traffic over the Internet by encrypting data between the user's browser and the web server, ensuring privacy and data integrity.

During the Containment, Eradication, and Recovery phase, evidence is collected and preserved to understand the incident and prevent future occurrences. This is crucial for effective incident response.

Risk Avoidance is a qualitative risk management strategy that involves eliminating the risk entirely, rather than trying to manage or transfer it. The other options focus on quantifying or mitigating risks, which are not qualitative.

Asymmetric Encryption uses two different keys: a public key for encryption and a private key for decryption. This contrasts with Symmetric Encryption, which uses the same key for both processes.

A Password Policy is a security policy that defines rules for creating and managing passwords, ensuring security. In contrast, Firewall Configuration, Network Topology, and Data Backup Schedule are not classified as security policies.

The principle of 'separation of duties' aims to prevent conflict of interest by ensuring that no single individual has control over all aspects of a transaction, thereby reducing the risk of fraud and errors.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the protocol specifically designed for encrypting and signing email messages, ensuring confidentiality and authenticity. The other options (IMAP, POP3, SMTP) are not used for encryption.

The primary goal of the "Detection and Analysis" phase is to identify and understand the incident. This involves gathering information to assess the nature and impact of the incident before taking further action.

The correct answer is Risk Transfer, which involves sharing the risk with another party, often through contracts or insurance. This strategy allows one party to manage potential losses by transferring the risk to another.