
IT Fundamentals Module 5 Unit 1
willie reynolds
19 Slides • 9 Questions
Module 5 / Unit 1 / Security Concerns
The Official CompTIA ITF+ (Exam FC0‑U61) Guide
Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Image by racorn © 123rf.com
Objectives
• Distinguish threats to the confidentiality, integrity, and availability of information processing systems
• Identify social engineering techniques
• Describe the importance of business continuity and how to make systems fault tolerant
• Explain the importance of disaster recovery plans
Computer Security Basics
• Controlling access to resources
• Balance security with accessibility
• Properties of secure information—“CIA Triad”
  o Confidentiality
  o Integrity
  o Availability
• Security threats
Confidentiality Concerns
• Snooping
• Eavesdropping/wiretapping/sniffing
• Social engineering/dumpster diving
Integrity Concerns
• Man-in-the-Middle (MitM)
• Replay
• Impersonation
Availability Concerns
• Denial of Service (DoS)
• Power outage
• Hardware failure
• Destruction
• Service outage
Authorization, Authentication, and Auditing
• Access control system
• Authentication
  o Prove that a user is who they say they are
  o Associate that person with a unique computer or network user account
• Authorization
  o Create barriers around the resource such that only authenticated users can gain access
  o Resource permissions lists
• Accounting
  o Recording when and by whom a resource was accessed
Social Engineering
• Getting people to reveal confidential information
• Attackers often build access with piecemeal steps
• Any information about a company can be helpful in making social engineering attacks more likely to succeed
Impersonation, Trust, and Dumpster Diving
• Gain access by pretending to be someone else
  o Intimidate through false rank or spurious technical jargon
  o Exploit trust - coax and persuade
• Building trust is easier if you have information that will convince your target (or put them off-guard)
  o Department employee lists, job titles, phone numbers, diary, invoices, or purchase orders
• “Dumpster diving” for discarded company information
Identity Fraud and Shoulder Surfing
• Identity fraud
  o Masquerade as someone else
  o Control accounts that are supposed to be operated by someone else
  o Exploit stolen Personally Identifiable Information (PII)
• “Shoulder surfing” to observe credentials
Defeating Social Engineering Attacks
• Training and education
• Security policies
  o Proper support procedures
  o Account and device protection—e.g. using screen locks to prevent “lunchtime attacks”
  o Identity badges, escorted visitors, and secure doors
Business Continuity and Fault Tolerance
• Outages are costly, both financially and in reputational damage
• Business continuity plans minimize outages or the effect of outages
• Fault tolerance
  o Design systems without single points of failure
  o Develop contingency plans to cope with failures
  o Provision redundant components and systems to allow failover
Data Redundancy
• Redundant Array of Independent Disks (RAID)
• Configurations to allow the storage system to tolerate individual disk unit failures
  o RAID 1—disk mirroring
  o RAID 5—striping with parity
• RAID cannot replace the need for backups
Network Redundancy
• Multiple adapter cards/ports for individual host
  o Also allows load balancing
• Multiple network paths between nodes
• Routers can detect failed links and choose alternative paths
Power Redundancy
• Dual power supplies
• Redundant circuits
• Uninterruptible Power Supply (UPS)
• Backup power generator
Site Redundancy and Replication
• Providing redundancy at the site level
• Replication can be used to synchronize data between multiple sites
Disaster Recovery
• Plans for specific scenarios rather than overall business continuity
  o Workflows and resources
  o Wide range of possible major and minor scenarios
• Prioritization
• Data restoration
• Restoring access
Review
Image by Wavebreak Media © 123rf.com
• Distinguish threats to the confidentiality, integrity, and availability of information processing systems
• Identify social engineering techniques
• Describe the importance of business continuity and how to make systems fault tolerant
• Explain the importance of disaster recovery plans
Examples of Common Threats
Multiple Choice
When you're sending a private message to a friend, which property of secure information ensures that only your friend can read the message?
Availability
Integrity
Confidentiality
Redundancy
Multiple Choice
Your favorite online game is suddenly inaccessible due to a high number of requests to the server. This is an example of an attack on which property of secure information?
Confidentiality
Integrity
Availability
Redundancy
Multiple Choice
You receive an email from a "friend" asking for your password to a shared streaming service. This is an example of what type of security threat?
Social engineering
Malware
Phishing
Virus
Multiple Choice
You attend a workshop at work about how to identify suspicious emails. This is an example of which strategy to enhance the effectiveness of security technologies?
Redundancy
User education and training
Disaster recovery planning
Encryption
Multiple Choice
Your computer is set up to automatically back up your files to an external hard drive every night. This is an example of your system being:
Fault tolerant
Confidential
Available
Integrated
Multiple Choice
Your office building has multiple internet connections to ensure that if one goes down, the others will keep the network online. This is an example of:
Confidentiality
Redundancy
Integrity
Social engineering
Multiple Choice
After a power outage at work, a plan is activated to switch operations to another location. This is an example of:
Redundancy
Social engineering
Disaster recovery planning
User education and training
Multiple Choice
You receive an email from your bank asking you to confirm your account details. You're suspicious because the email address doesn't look right. This is an example of which strategy to identify security threats?
Disaster recovery planning
User education and training
Redundancy
Social engineering