SBOLC Security Fundamentals
Questions and Answers 2024
AAA Security Model (AAA Triad Model) - ANSWER--Authentication: Proof that the subject/source is as they claim to be
-Authorization: Specifying which actions the subject is allowed to perform
-Accounting: Monitoring, tracking, reviewing, or assessing the actions of a subject
identification
ACE - ANSWER-Access Control Entry
-A single entry in an ACL
Advantages of Qualitative Risk Assessment - ANSWER--Impact is easily understood
-Can provide rich information beyond financial impacts, such as impact on perceived safety, health, or reputation
Advantages of Quantitative Risk Assessment - ANSWER--Supports cost-benefit analysis of risk response options
-Allows computation of necessary capital to achieve a business goal
Annualized Loss Expectancy (ALE) - ANSWER-ALE = SLE x Annual Rate of Occurrence (ARO)
Anomaly-Based Detection - ANSWER--Must learn which activities are normal and acceptable
-Compares event to a baseline of normalcy
APIPA - ANSWER-Automatic Private Internet Protocol Addressing
-When an Operating System assigns itself an IP address
APT - ANSWER-Advanced Persistent Threat
-Prolonged, stealthy, ongoing series of sophisticated attacks
-Usually entails multiple attack techniques and redundant attack vectors to maintain adaptable, long-term control
Asymmetric Cryptography - ANSWER--Also known as Public Key Cryptography (PKC)
-Each user is assigned a mathematically related key pair
-Public key is available to everyone
-Private key is kept secret
-One key encrypts the data and the other key decrypts the data
AUP - ANSWER-Acceptable Use Policy
Backdoors - ANSWER-Allows access to a system without having to authenticate
Behavior-based detection (Heuristics) - ANSWER-Looks for evidence of compromise based upon abnormal system responses
BPA - ANSWER-Business Partners Agreement
-A written agreement defining the general relationship between business partners with a focus on financial matters
Broadcast Storm - ANSWER--Frames are broadcast, received, and rebroadcast by each switch, resulting in the frame never being delivered
-Can cause severe network congestion
-Degrades switch processing
BSSID - ANSWER-Basic Service Set ID
-ID of the wireless network
Buffer Overflow - ANSWER-More information is placed in a buffer (memory stack or heap) than it can hold, which then overflows into the next buffer
Business competitors - ANSWER-A business adversary trying to gain a competitive advantage
Business Continuity Planning (BCP) - ANSWER--The preventative and proactive strategic plan to mitigate disruptive incidents to business operations
-Focuses on anticipating business operation disruptions
Business Impact Analysis (BIA) - ANSWER--A management tool that helps determine the financial impact on the business of organizational changes
Business Information Classifications - ANSWER--Public
-Private
-Proprietary
-Confidential
BYOD - ANSWER-Bring Your Own Device
-Device is owned by the employee and is allowed to be used within the company for business functions
CA - ANSWER-Certificate Authority: Creates, signs, and revokes asymmetric keys
CHAP - ANSWER-Challenge Handshake Authentication Protocol
-A 3-way handshake challenge: Peer sends request to Authenticator, Authenticator sends Nonce to Peer, Peer sends response back to Authenticator to get authenticated
CIA Triad Model - ANSWER--Confidentiality: Achieving and maintaining secrecy
-Integrity: Achieving and maintaining trust
-Availability: Maintaining timely access
Clean Desk Policy - ANSWER-Secure sensitive items when not in use
COBO - ANSWER-Corporate Owned, Business Only
-Device is issued by the company and can only be used for official business purposes
-Company administers the device
COPE - ANSWER-Corporate Owned, Personally Enabled
-Company manages the device and applies restrictions
-Employees can use the device for personal functions
CRL - ANSWER-Certificate Revocation List: a list housed by the CA that contains the serial numbers of digital certificates that have been revoked
CSR - ANSWER-Certificate Signing Request: Formal request sent to the CA asking for a certificate to be generated
CYOD - ANSWER-Choose Your Own Device
-Employees choose from a list of company-supported devices
DAR - ANSWER-Data at Rest: Stored data
Data Backups and Storage Solutions - ANSWER--Disk-based data backups
-Tape-based data backups
-Onsite storage: readily available, online versus offline data backups
-Offsite storage: Geographical considerations
-Cloud storage: data sovereignty issues
Data in Transit/Motion - ANSWER-Data passed between systems through the network
Data in use/Point of Sale (POS) - ANSWER-Data being processed in a system
Data Sanitization Techniques - ANSWER--Purging: altering or removing the data in a way so that it can no longer be accessed
-Degaussing: using a strong electromagnetic field on magnetic media to make the data unreadable
-Wiping: overwriting the media with multiple rounds of intermittent bits (zeroization)
-Encryption: encrypting the data but deleting the decryption key
Data State Model - ANSWER-Implement the CIA triad within each of the data states
Database Normalization - ANSWER-Process of refining a relational database to reduce data redundancy and improve the integrity of the data
Database stored procedures - ANSWER-Prewritten functions stored within the database data dictionary
Database Tokenization - ANSWER-Replacing sensitive data with arbitrary data
DDoS - ANSWER-Distributed Denial of Service
-Multiple attackers prevent access to resources for authorized users
-Often causes resource exhaustion