1.1 CONTROL TYPE: Corrective

The goal is to make corrective actions or restore from an attack. Example > Restoring to data backups after a ransomeware attack.

1.1 CONTROL TYPE: Compensating

The goal is to mitigate risk associated with exceptions made to a policy. Example > If Multi-factor Auth.. is not currently mandated on the network, maybe we can COMPENSATE by adding stricter password policies.

1.1 CONTROL TYPE: Directive

The goal is to inform employees and others what they should do achieve security objectives. Example > Policies, SOP (standard Operating Procedure), or a STIG mandated from DISA.

1.4 PKI - In Database level Encryption, there are two levels: TDE and CLE. What are they?

Encryption at the database level: Transparent Data Encryption - Encrypting the entire database. Column-level Encryption - Encrypts selected columns only.

1.4 PKI - Non-repudiation is not ensured with symmetric encryption. Why?

Users have a “shared secret” key to encrypt/decrypt, so it’s hard to track the origin of the message.

1.4 PKI - How to find Symmetric Key Requirement vs Asymmetric/PKI.

Symmetric - n(n-1) / 2 Ex> 3 participants. Plug into 3(3-1) /2 to get 3 required symmetric keys. This is a good perspective as it why it gets more complicated with more people involved. It’s not as efficiently scalable as asymmetric/PKI. Asymmetric/PKI - Each user has a private and public key, so it would be *2. Ex> 2 participants would involve 4 keys. Each user gets two keys when they are established, making scalability efficient.

1.4 PKI - Encryption types: DES, 3DES, AES

DES - est 1977, no longer secure, replaced in 2001 3DES - more secure by running the DES alg. 3 times with 3 different keys. Depreciated 2023. AES - star child, replacement of DES since 2001 IAW FIPS 197.

1.4 PKI - What are they main three methods to share secret keys with symmetric encryption?

Offline (out-of-band) distribution, Public Key Encryption, Diffie-Hellman key exchange algorithm.

1.4 CERTs - What can be used to verify a valid cert for more than one subdomain? Hint: used with an asterisk

Wildcard Ex> The following *. certmike.com would be valid for all: Certmike.com Www.certmike.com Mail.certmike.com Only valid at the same level, not for www . cissp .certmike.com

1.4 CERTs - describe the process of obtaining a digital certificate.

ENROLLMENT - the user must provide identification to the CA in some manner - could be a physical verification with an agent of the CA CERTIFICATE SIGNING REQUEST (CSR) - After verifying your identity to the CA, you must provide your public key via CSR. CA produces an x.509 digital certificate for you.

Sec+ Domains 1-5 Flashcards

Student preview

31 questions

Show all answers

1.

FLASHCARD QUESTION

Front

1.1 CAT: technical

Back

Enforces CIA - Apples to the configurations of networking systems.

Ex> Firewall rules, IPS/IDS, Encryption.

2.

FLASHCARD QUESTION

Front

1.1 CAT: Managerial

Back

Applies to oversight in terms of risk management mechanisms.

Example > risk assessments, security planning exercises.

3.

FLASHCARD QUESTION

Front

1.1 CAT: operational

Back

Applies with day to day function, making sure the mission is carrying out.

Example > Log monitoring, data backups, vulnerability management.

4.

FLASHCARD QUESTION

Front

1.1 CAT: physical

Back

Applies to physical security for facilities/assets.

Example > Building locks, perimeter lighting, fences, burglar alarms, fire suppression systems.

5.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Preventative

Back

The goal is to prevent an exploit from happening, hence the name.

Example > Firewall and Encryption

6.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Deterrent

Back

The goal is to sway the threat actor from carrying out an attack.

Example > Vicious guard dogs, bright flood lights, barbed wire fences, those laser-filled rooms you see in spy movies….

7.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Detective

Back

The goal is to detect when an event/incident is/has happened.

Example > Intrusion Detection System spots malware activity on a network and alerts the admin.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Solving One-Step Inequalities

Flashcard

•

7th Grade

23 questions

Англия и парламент

Flashcard

•

6th Grade

26 questions

Day 1

Flashcard

•

KG

22 questions

WEB TECHNOLOGY

Flashcard

•

University

27 questions

Roman Vocab

Flashcard

•

7th Grade

21 questions

Understanding Business Environment and Innovation

Flashcard

•

University

21 questions

Sejarah KSSM Tingkatan 3 bab 1 Ulangkaji

Flashcard

•

9th Grade

20 questions

Spiral Review-Neg/Pos Vocab, Divided?, substitution, MMR, graphs

Flashcard

•

6th - 7th Grade

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Science

10 questions

Magnets for Primary

Quiz

•

KG - 1st Grade

11 questions

Kindeness In Action

Lesson

•

KG