100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SBOLC Security Fundamentals Questions and Answers 2024 $10.99   Add to cart

Exam (elaborations)

SBOLC Security Fundamentals Questions and Answers 2024

 4 views  0 purchase
  • Course
  • SBOLC
  • Institution
  • SBOLC

SBOLC Security Fundamentals Questions and Answers 2024

Preview 4 out of 31  pages

  • August 24, 2024
  • 31
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • SBOLC
  • SBOLC
avatar-seller
CLOUND
SBOLC Security Fundamentals
Questions and Answers 2024
AAA Security Model (AAA Triad Model) - ANSWER--Authentication: Proof that the
subject/source is as they claim to be

-Authorization: Specifying which actions the subject is allowed to perform

-Accounting: Monitoring, tracking, reviewing, or assessing the actions of a subject
identification

ACE - ANSWER-Access Control Entry

-A single entry in an ACL

Advantages of Qualitative Risk Assessment - ANSWER--Impact is easily understood
-Can provide rich information beyond financial impacts, such as impact on perceived
safety, health, or reputation

Advantages to Quantitative Risk Assessment - ANSWER--Supports cost-benefit
analysis of risk response options
-Allows computation of necessary capital to achieve a business goal

Annualized Loss Expectancy (ALE) - ANSWER-ALE = SLE x Annual Rate of
Occurrence (ARO)

Anomaly-Based Detection - ANSWER--Must learn which activities are normal and
acceptable

-Compares event to a baseline of normalcy

APIPA - ANSWER-Automatic Private Internet Protocol Addressing

-When an Operating System assigns itself an IP address

Appliance Firewall - ANSWER--Filters or restricts network traffic to/from networked
resources

-Content and protocol filtering

-Screened network host and subnetwork

-Port Restrictions

,APT - ANSWER-Advanced Persistent Threat

-Prolonged, stealthy, ongoing series of sophisticated attacks

-Usually entails diddling attack techniques and redundant attack vectors to maintain
adaptable, long-term control

Asymmetric Cryptography - ANSWER--Also known as Public Key Cryptography (PKC)
-Each user is assigned a mathematically related key pair
-Public key is available t oeveryone
-Private key is kept a secret
-One key encrypts the data and the other key decrypts the data

AUP - ANSWER-Acceptable Use Policy

Backdoors - ANSWER-Allows access to a system without having to authenticate

Behavior-based detection (Heuristics) - ANSWER-Looks for evidence of compromise
based upon abnormal system responses

BPA - ANSWER-Business Partners Agreement

-A written agreement defining the general relationship between
business partners with a focus on financial matters

Broadcast Storm - ANSWER--Frames are broadcasted, received and rebroadcasted by
each switch, resulting in the frame never being delivered.

-Can cause severe network congestion

-Degrades switch processing

BSSID - ANSWER-Basic Service Set ID

-ID of the wireless network

Buffer Overflow - ANSWER-More information is placed in a buffer (memory stack or
heap) than it can hold, which then overflows into the next buffer

Business competitors - ANSWER-A business adversary trying to gain a competitive
advantage

Business Continuity Planning (BCP) - ANSWER--The preventative and proactive
strategic plan to mitigate disruptive incidents to business operations
-Focuses on anticipating business operation disruptions

,Business Impact Analysis (BIA) - ANSWER--A management tool that helps determine
the financial impact of business of organizational changes

Business Information Classifications - ANSWER--Public
-Private
-Proprietary
-Confidential

BYOD - ANSWER-Bring Your Own Device

-Device is owned by the employee and is allowed to be used within the company for
business functions

CA - ANSWER-Certificate Authority: Creates, signs, and revokes asymmetric keys

CHAP - ANSWER-Challenge Handshake Authentication Protocol

-A 3way handshake challenge: Peer sends request to authenticator, Authenticator
sends Nonce to Peer, Peer sends response back to Authenticator to get authenticated

CIA Triad Model - ANSWER--Confidentiality: Achieving and maintaining secrecy

-Integrity: Achieving and maintaining trust

-Availability: Maintaining timely access

Clean Desk Policy - ANSWER-Secure sensitive items when not in use

COBO - ANSWER-Corporate Owned, Business Only

-Device is issued by the company and can only be used for official business purposes

-Company administers the device

COPE - ANSWER-Corporate Owned, Personally

-Company manages the device and applies restrictions

-Employees can use the device for personal functions

CRL - ANSWER-Certificate Revocation List: a list housed by the CA that contains the
serial numbers of digital certificates that have been revoked

CSR - ANSWER-Certificate Signing Request: Formal request sent to the CA asking for
a certificate to be
generated

, CYOD - ANSWER-Choose Your Own Device

-Employees choose from a list of company supported devices

DAR - ANSWER-Data at Rest: Stored data

Data Backups and Storage Solutions - ANSWER--Disk-based data backups

-Tape-based data backups

-Onsite storage: readily available, online versus offline data backups

-Offsite storage: Geographical considerations

-Cloud storage: data sovereignty issues

Data in Transit/Motion - ANSWER-Data passed between systems through the network

Data in use/Point of Sale (POS) - ANSWER-Data being processed in a system

Data Sanitization Techniques - ANSWER--Purging: altering or removing the data in a
way so that it can no longer be accessed

-Degaussing: using a strong electromagnetic field on magnetic media to make the data
unreadable

-Wiping: overwriting the media with multiple rounds of intermittent bits (zeroization)

-Encryption: encrypting the data but deleting the decryption key

Data State Model - ANSWER-Implement the CIA triad within each of the data states

Database Normalization - ANSWER-Process of refining a relational database to reduce
data redundancy and improve the integrity of the data

Database stored procedures - ANSWER-Prewritten functions stored within the database
data dictionary

Database Tokenization - ANSWER-Replacing sensitive data with arbitrary data

DDoS - ANSWER-Distributed Denial of Service

-Multiple attackers prevents access to resources for authorized users

-Often causes resource exhaustion

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller CLOUND. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.99
  • (0)
  Add to cart