1.1 CONTROL TYPE: Corrective

The goal is to make corrective actions or restore from an attack. Example > Restoring to data backups after a ransomeware attack.

1.1 CONTROL TYPE: Compensating

The goal is to mitigate risk associated with exceptions made to a policy. Example > If Multi-factor Auth.. is not currently mandated on the network, maybe we can COMPENSATE by adding stricter password policies.

1.1 CONTROL TYPE: Directive

The goal is to inform employees and others what they should do achieve security objectives. Example > Policies, SOP (standard Operating Procedure), or a STIG mandated from DISA.

1.4 PKI - In Database level Encryption, there are two levels: TDE and CLE. What are they?

Encryption at the database level: Transparent Data Encryption - Encrypting the entire database. Column-level Encryption - Encrypts selected columns only.

1.4 PKI - Non-repudiation is not ensured with symmetric encryption. Why?

Users have a “shared secret” key to encrypt/decrypt, so it’s hard to track the origin of the message.

1.4 PKI - How to find Symmetric Key Requirement vs Asymmetric/PKI.

Symmetric - n(n-1) / 2 Ex> 3 participants. Plug into 3(3-1) /2 to get 3 required symmetric keys. This is a good perspective as it why it gets more complicated with more people involved. It’s not as efficiently scalable as asymmetric/PKI. Asymmetric/PKI - Each user has a private and public key, so it would be *2. Ex> 2 participants would involve 4 keys. Each user gets two keys when they are established, making scalability efficient.

1.4 PKI - Encryption types: DES, 3DES, AES

DES - est 1977, no longer secure, replaced in 2001 3DES - more secure by running the DES alg. 3 times with 3 different keys. Depreciated 2023. AES - star child, replacement of DES since 2001 IAW FIPS 197.

1.4 PKI - What are they main three methods to share secret keys with symmetric encryption?

Offline (out-of-band) distribution, Public Key Encryption, Diffie-Hellman key exchange algorithm.

1.4 CERTs - What can be used to verify a valid cert for more than one subdomain? Hint: used with an asterisk

Wildcard Ex> The following *. certmike.com would be valid for all: Certmike.com Www.certmike.com Mail.certmike.com Only valid at the same level, not for www . cissp .certmike.com

1.4 CERTs - describe the process of obtaining a digital certificate.

ENROLLMENT - the user must provide identification to the CA in some manner - could be a physical verification with an agent of the CA CERTIFICATE SIGNING REQUEST (CSR) - After verifying your identity to the CA, you must provide your public key via CSR. CA produces an x.509 digital certificate for you.

Sec+ Domains 1-5 Flashcards

Student preview

31 questions

Show all answers

1.

FLASHCARD QUESTION

Front

1.1 CAT: technical

Back

Enforces CIA - Apples to the configurations of networking systems.

Ex> Firewall rules, IPS/IDS, Encryption.

2.

FLASHCARD QUESTION

Front

1.1 CAT: Managerial

Back

Applies to oversight in terms of risk management mechanisms.

Example > risk assessments, security planning exercises.

3.

FLASHCARD QUESTION

Front

1.1 CAT: operational

Back

Applies with day to day function, making sure the mission is carrying out.

Example > Log monitoring, data backups, vulnerability management.

4.

FLASHCARD QUESTION

Front

1.1 CAT: physical

Back

Applies to physical security for facilities/assets.

Example > Building locks, perimeter lighting, fences, burglar alarms, fire suppression systems.

5.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Preventative

Back

The goal is to prevent an exploit from happening, hence the name.

Example > Firewall and Encryption

6.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Deterrent

Back

The goal is to sway the threat actor from carrying out an attack.

Example > Vicious guard dogs, bright flood lights, barbed wire fences, those laser-filled rooms you see in spy movies….

7.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Detective

Back

The goal is to detect when an event/incident is/has happened.

Example > Intrusion Detection System spots malware activity on a network and alerts the admin.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

CPU Architecture - DG

Flashcard

•

10th Grade

25 questions

English Word forms Challenge

Flashcard

•

10th - 12th Grade

26 questions

Database Basics for KS3 ICT

Flashcard

•

7th - 9th Grade

28 questions

Untitled Flashcards

Flashcard

•

10th Grade

26 questions

Seasons

Flashcard

•

9th Grade

22 questions

Year 10 Prep-Psychology - review topic 2

Flashcard

•

10th Grade - University

28 questions

G7 Science - Unit 5 Test Revision

Flashcard

•

7th Grade

25 questions

Ch. 3 Inventory Management 20252 Flashcard

Flashcard

•

University

Popular Resources on Wayground

10 questions

Honoring the Significance of Veterans Day

Interactive video

•

6th - 10th Grade

9 questions

FOREST Community of Caring

Lesson

•

1st - 5th Grade

10 questions

Exploring Veterans Day: Facts and Celebrations for Kids

Interactive video

•

6th - 10th Grade

19 questions

Veterans Day

Quiz

•

5th Grade

14 questions

General Technology Use Quiz

Quiz

•

8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

Circuits, Light Energy, and Forces

Quiz

•

5th Grade

19 questions

Thanksgiving Trivia

Quiz

•

6th Grade

Discover more resources for Science

14 questions

States of Matter

Lesson

•

KG - 3rd Grade

7 questions

Natural Resources

Quiz

•

KG - 2nd Grade

10 questions

Sound Energy Assessment

Quiz

•

KG - 2nd Grade

10 questions

Magnets

Quiz

•

KG - 1st Grade