D430 Fundamentals of Information Security - Set 4 - Part 1

Correct Answer: SQL Injection

SQL Injection attacks involve embedding malicious SQL commands within input fields to gain unauthorized access to a database or manipulate its data.

Correct Answer: Integrity

Integrity ensures that information remains accurate and unaltered, protecting against unauthorized modifications.

Correct Answer: Hashing

Hashing generates a fixed-length output from input data, which is used to verify data integrity by detecting any changes to the original data.

Correct Answer: Man-in-the-middle attack

A man-in-the-middle attack involves intercepting and possibly altering communication between two parties, potentially stealing sensitive information.

Correct Answer: Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) grants access based on the roles assigned to users, ensuring that access is consistent with their responsibilities within the organization.

Correct Answer: Symmetric encryption

Symmetric encryption uses the same key for both encryption and decryption, providing fast and efficient data protection for large amounts of data.

Correct Answer: GLBA

The Gramm-Leach-Bliley Act (GLBA) regulates the protection of financial records and mandates that financial institutions explain their data-sharing practices to customers.

Correct Answer: Deep packet inspection firewall

Deep packet inspection firewalls analyze the content of network traffic, enabling them to detect and block malicious activities based on the data itself.

Correct Answer: Clickjacking

Clickjacking involves tricking users into clicking on a hidden or disguised element on a web page, leading to unintended actions such as executing malicious commands.

Correct Answer: Asymmetric encryption

Asymmetric encryption uses a pair of keys—a public key for encryption and a private key for decryption—ensuring secure data transmission.

Correct Answer: Principle of Least Privilege

The Principle of Least Privilege ensures that users are restricted to only the permissions necessary to perform their specific tasks, reducing the risk of accidental or malicious misuse.

Correct Answer: Wireshark

Wireshark is a popular packet sniffer and network traffic analysis tool used to monitor and identify signs of malicious activity on a network.

Correct Answer: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks involve injecting malicious scripts into trusted web pages, which are then executed by users' browsers, leading to unauthorized actions or data theft.

Correct Answer: Risk management

Risk management involves identifying, assessing, and prioritizing risks to an organization’s assets, followed by the implementation of controls to mitigate or reduce those risks.

Correct Answer: Data at rest encryption

Data at rest encryption is used to protect data stored on devices such as hard drives or USBs, ensuring that unauthorized users cannot access the data even if they obtain the device.

Correct Answer: Denial of Service (DoS)

A Denial of Service (DoS) attack floods a system with excessive traffic or requests, overwhelming its resources and making it unavailable to legitimate users.

Correct Answer: RSA

RSA is an asymmetric cryptographic algorithm that uses a public and private key pair for generating secure digital signatures and encrypting data.

Correct Answer: Availability

Availability ensures that data and systems are accessible to authorized users when needed, protecting against disruptions such as system failures or denial of service attacks.

Correct Answer: FERPA

The Family Educational Rights and Privacy Act (FERPA) governs the privacy of student education records and requires educational institutions to implement safeguards to protect them.

Correct Answer: Social Engineering

Social engineering is an attack technique that uses deception to manipulate individuals into divulging confidential information or performing unauthorized actions, often through psychological manipulation.