D430: Fundamentals of Information Security - PASSED
Acceptability (biometrics) - ANS-a measure of how tolerable the characteristic is to the users of the system.
Ex; systems that are slow, difficult, or awkward to use are less likely to be tolerated by users.

Access control lists (ACLs) - ANS-lists containing information about what kind of access certain parties are allowed to have to a given system.

Access control model - ANS-a way of determining who should be allowed access to what resources.
The most common of THESE are: discretionary access control, mandatory access control, rule-based access control, role-based access control, attribute-based access control, and multilevel access control.

Access controls - ANS-the tools and systems you use to deny or allow access; implementing authorization.
Ex; a key to lock or unlock doors, a badge for access at work, a password to use a computer.
M; THIS has four basic tasks: allowing access, denying access, limiting access, and revoking access.

Accountability - ANS-making sure individuals are responsible for their actions.
THIS is accomplished by using identification, authentication, and authorization processes so you can know who a given event is associated with and what permissions allowed them to carry it out.
Address space layout randomization (ASLR) - ANS-a technique that shifts the contents of the memory in use around so that tampering with it is even more difficult.

Administrative controls/measures (mitigate risks) - ANS-THIS dictates how the users of your environment should behave; the rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature.
M; an important part of THIS is the ability to enforce it. Can lead to threats and vulnerabilities if left unchecked.

AES (symmetric algorithm) - ANS-a set of symmetric block ciphers that uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all of which encrypt blocks of 128 bits.
Agented scans - ANS-allows the scanning of a host as though it were an authenticated user on the system by having a small piece of software, known as an agent, installed on the particular host.

Air-gapped networks - ANS-networks with no direct connections to the outside.

Allowing access (access controls) - ANS-giving a party access to a given resource.
Ex; allowing the use of a file or allowing a person into your house.

Alter default accounts (attack surface) - ANS-OS hardening requires the changing or removal of unneeded accounts, particularly default accounts if possible.
M; many default and guest accounts come with more unnecessary permissions than expected and often without a password.
Analysis of threats (operations security) - ANS-the second step is to analyze any threats associated with the critical information you identified.
M; repeat this step for each item of critical information, for each party that might take advantage of it if it were exposed, and for each use they might make of the information.

Analysis of vulnerabilities (operations security) - ANS-the third step is analyzing the vulnerabilities in the protections you have put in place to secure your information assets.

Anomaly-based detection (IDS) - ANS-works by determining the normal kinds of traffic and activity taking place on the network, then measures the present traffic against that baseline in order to detect patterns that are not normally present in the traffic.

Application of countermeasures (operations security) - ANS-the fifth and final step is putting measures in place to mitigate the risks to your critical information.
M; must mitigate either the threat or the vulnerability at the bare minimum. Removing both will ensure you no longer have a critical risk.
Application penetration testing - ANS-a type of pentesting that focuses directly on an application or software environment.
M; requires a more specialized set of tools and skills on the part of the tester and involves two approaches: static analysis and dynamic analysis.

Application scanning - ANS-a scanning tool specific to web technologies and vulnerabilities.
M; can search more deeply within the application for problems than a scanner intended strictly for hosts would be able to find.

Arbitrary code execution (or "remote code execution" when performed over the network) - ANS-the ability for attackers to execute any command on a system that they choose, without restriction.
M; security flaws related to the languages used to talk to databases allow this to happen.
Assess risks (risk management process) - ANS-once the threats and vulnerabilities are identified, THIS is performed to have an overall idea of the risk so you can begin to mitigate them.
M; a vulnerability without a matching threat or a threat without a matching vulnerability does not constitute a risk.

Assess vulnerabilities (risk management process) - ANS-assets can have tens of millions of threats, but only a fraction will be relevant; THIS is performed to see if those relevant threats pose a risk.
Ex; if data is exposed, it could lead to a breach. If your data is encrypted, this is not a risk.
Ex; if the system goes down, business operations will also go down, which is a risk.

Assessment of risks (operations security) - ANS-the fourth step is deciding what issues you need to address in the rest of the operations security process.

Assessments (audit) - ANS-the tests used to find and fix vulnerabilities before attackers find them.
Ex; vulnerability assessments, penetration testing.

Asset - ANS-THIS is anything of value within an organization, composed of: the people, property, and information.
Asymmetric algorithm (also asymmetric key cryptography or public key cryptography) - ANS-uses two keys: a public key and a private key.
The public key is made available to the public to encrypt data; the private key is used by the receiver to decrypt messages.
Resolves the problem of having to find a secure way to share a single private key between the receiver and the sender.
Ex; RSA, elliptic curve cryptography (ECC), RC4, ElGamal, Diffie-Hellman, and Digital Signature Standard (DSS).

Attack surface - ANS-the sum of the available avenues through which your operating system might be attacked.
Reduced in six ways:
remove unnecessary software