1.1 CONTROL TYPE: Corrective

The goal is to make corrective actions or restore from an attack. Example > Restoring to data backups after a ransomeware attack.

1.1 CONTROL TYPE: Compensating

The goal is to mitigate risk associated with exceptions made to a policy. Example > If Multi-factor Auth.. is not currently mandated on the network, maybe we can COMPENSATE by adding stricter password policies.

1.1 CONTROL TYPE: Directive

The goal is to inform employees and others what they should do achieve security objectives. Example > Policies, SOP (standard Operating Procedure), or a STIG mandated from DISA.

1.4 PKI - In Database level Encryption, there are two levels: TDE and CLE. What are they?

Encryption at the database level: Transparent Data Encryption - Encrypting the entire database. Column-level Encryption - Encrypts selected columns only.

1.4 PKI - Non-repudiation is not ensured with symmetric encryption. Why?

Users have a “shared secret” key to encrypt/decrypt, so it’s hard to track the origin of the message.

1.4 PKI - How to find Symmetric Key Requirement vs Asymmetric/PKI.

Symmetric - n(n-1) / 2 Ex> 3 participants. Plug into 3(3-1) /2 to get 3 required symmetric keys. This is a good perspective as it why it gets more complicated with more people involved. It’s not as efficiently scalable as asymmetric/PKI. Asymmetric/PKI - Each user has a private and public key, so it would be *2. Ex> 2 participants would involve 4 keys. Each user gets two keys when they are established, making scalability efficient.

1.4 PKI - Encryption types: DES, 3DES, AES

DES - est 1977, no longer secure, replaced in 2001 3DES - more secure by running the DES alg. 3 times with 3 different keys. Depreciated 2023. AES - star child, replacement of DES since 2001 IAW FIPS 197.

1.4 PKI - What are they main three methods to share secret keys with symmetric encryption?

Offline (out-of-band) distribution, Public Key Encryption, Diffie-Hellman key exchange algorithm.

1.4 CERTs - What can be used to verify a valid cert for more than one subdomain? Hint: used with an asterisk

Wildcard Ex> The following *. certmike.com would be valid for all: Certmike.com Www.certmike.com Mail.certmike.com Only valid at the same level, not for www . cissp .certmike.com

1.4 CERTs - describe the process of obtaining a digital certificate.

ENROLLMENT - the user must provide identification to the CA in some manner - could be a physical verification with an agent of the CA CERTIFICATE SIGNING REQUEST (CSR) - After verifying your identity to the CA, you must provide your public key via CSR. CA produces an x.509 digital certificate for you.

Sec+ Domains 1-5 Flashcards

Student preview

31 questions

Show all answers

1.

FLASHCARD QUESTION

Front

1.1 CAT: technical

Back

Enforces CIA - Apples to the configurations of networking systems.

Ex> Firewall rules, IPS/IDS, Encryption.

2.

FLASHCARD QUESTION

Front

1.1 CAT: Managerial

Back

Applies to oversight in terms of risk management mechanisms.

Example > risk assessments, security planning exercises.

3.

FLASHCARD QUESTION

Front

1.1 CAT: operational

Back

Applies with day to day function, making sure the mission is carrying out.

Example > Log monitoring, data backups, vulnerability management.

4.

FLASHCARD QUESTION

Front

1.1 CAT: physical

Back

Applies to physical security for facilities/assets.

Example > Building locks, perimeter lighting, fences, burglar alarms, fire suppression systems.

5.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Preventative

Back

The goal is to prevent an exploit from happening, hence the name.

Example > Firewall and Encryption

6.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Deterrent

Back

The goal is to sway the threat actor from carrying out an attack.

Example > Vicious guard dogs, bright flood lights, barbed wire fences, those laser-filled rooms you see in spy movies….

7.

FLASHCARD QUESTION

Front

1.1 CONTROL TYPE: Detective

Back

The goal is to detect when an event/incident is/has happened.

Example > Intrusion Detection System spots malware activity on a network and alerts the admin.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Science 5-Third Quarter Summative Test 1

Flashcard

•

5th Grade

27 questions

Earth & Sun: Investigation 1 Review

Flashcard

•

4th - 5th Grade

25 questions

matter review

Flashcard

•

6th Grade

25 questions

HTML BASICS Test

Flashcard

•

KG - University

23 questions

LANDFILL LECTURE 2

Flashcard

•

University

23 questions

MODULE 1: Introduction and Brief History of ArgDeb

Flashcard

•

University

26 questions

Hidden Figures 2024

Flashcard

•

5th - 12th Grade

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Science

11 questions

FOREST Growth Mindset

Lesson

•

KG

35 questions

4.2 Plant and Animal Life

Quiz

•

KG

5 questions

Heat and Light

Quiz

•

KG