D430 Fundamentals of Information Security - Set 1 - Part 1

Correct Answer: GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain how they share information and take steps to safeguard customer data. It specifically addresses privacy and the security of financial information.

Correct Answer: FERPA

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records and grants certain rights to parents and students regarding access to those records.

Correct Answer: Asymmetric cryptography

Asymmetric cryptography uses two keys, a public key for encryption and a private key for decryption, providing secure communication. One key is public, and the other is private, offering more security compared to symmetric cryptography.

Correct Answer: Confidentiality

Confidentiality ensures that data is only accessible to authorized individuals, preventing unauthorized access or disclosure of sensitive information.

Correct Answer: FISMA

The Federal Information Security Management Act (FISMA) establishes a framework to ensure the effectiveness of information security controls in federal government agencies.

Correct Answer: Data in transit, data at rest, data in use

The three states of data are data at rest (stored data), data in use (actively processed data), and data in transit (data being transmitted across networks).

Correct Answer: Competitive Intelligence

Competitive intelligence involves gathering and analyzing information to support strategic business decisions, typically related to competitors and market dynamics.

Correct Answer: Asymmetric

RSA is an asymmetric encryption algorithm used for securing data through the use of two different keys: a public key for encryption and a private key for decryption.

Correct Answer: Vulnerability Analysis

Vulnerability analysis involves identifying weaknesses or flaws in systems, applications, or processes that can be exploited by threats, leading to potential security breaches.

Correct Answer: HITECH

The HITECH Act is designed to promote the adoption and meaningful use of health information technology, particularly focusing on the privacy and security of electronic health records (EHRs).

Correct Answer: Endpoint protection

Endpoint protection refers to securing end-user devices such as desktops, laptops, and mobile devices from threats like viruses, malware, and unauthorized access.

Correct Answer: Cross-site scripting (XSS)

Cross-site scripting (XSS) occurs when an attacker injects malicious scripts into a trusted website, which are then executed by the user's browser, compromising the site's security.

Correct Answer: Parkerian hexad

The Parkerian hexad extends the traditional Confidentiality, Integrity, and Availability (CIA) triad by adding three more security principles: possession or control, utility, and authenticity.

Correct Answer: To protect confidentiality

Encryption is primarily used to protect the confidentiality of data by converting it into an unreadable format unless decrypted by an authorized party.

Correct Answer: Users are given minimum permissions necessary to perform their duties.

The principle of least privilege restricts users to the minimum permissions they need to perform their tasks, reducing the risk of unauthorized access or misuse of resources.

Correct Answer: Denial of Service (DoS)

A Denial of Service (DoS) attack is intended to overwhelm a system's resources, rendering it unavailable to legitimate users by flooding it with excessive traffic or requests.

Correct Answer: Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is a strict access control model often used in military settings, where access to resources is based on security clearances and classification levels.

Correct Answer: SHA

Secure Hash Algorithm (SHA) is a cryptographic hash function that produces a fixed-size hash value, used to verify data integrity by ensuring that the data has not been altered.

Correct Answer: SQL Injection

SQL Injection is an attack that exploits input validation vulnerabilities by inserting malicious SQL queries into user input fields, allowing attackers to execute arbitrary code on the database.

Correct Answer: AES

The Advanced Encryption Standard (AES) is the standard encryption algorithm used by the U.S. government to protect sensitive data, replacing DES due to its enhanced security.