D430 Fundamentals of Information Security - Set 5 - Part 1

Correct Answer: Cryptanalysis

Cryptanalysis is a method of analyzing encrypted information (ciphertext) to uncover patterns that could lead to the discovery of the encryption key or the original data.

Correct Answer: Integrity

Integrity ensures that data remains accurate and unaltered, protecting against unauthorized changes made by accidental or malicious intent.

Correct Answer: Denial of Service (DoS)

A Denial of Service (DoS) attack overloads a system with excessive traffic or requests, causing it to become unavailable to legitimate users.

Correct Answer: Hashing

Hashing generates a unique, fixed-length fingerprint of a message that can be used to verify the integrity of data, detecting any unauthorized changes.

Correct Answer: Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is a strict access control model that bases access decisions on both the classification of the data and the clearance level of the user.

Correct Answer: Containment

Containment is the process of controlling a security breach to limit its impact and prevent further damage before moving on to the eradication phase.

Correct Answer: RSA

RSA is a widely-used cryptographic algorithm for securing sensitive data transmitted over the internet, particularly for encrypting credit card information and online transactions.

Correct Answer: Exploit-based attack

An exploit-based attack takes advantage of software vulnerabilities, such as buffer overflows or unpatched systems, to gain unauthorized access to a system.

Correct Answer: Fuzzer

A fuzzer is a tool used to simulate attacks on web applications by bombarding them with random inputs, helping to identify security vulnerabilities.

Correct Answer: Man-in-the-middle attack

A man-in-the-middle attack involves an attacker intercepting and potentially manipulating the communication between two parties to steal sensitive data or alter the transmitted information.

Correct Answer: Nonrepudiation

Nonrepudiation ensures that both the sender and the recipient of a message cannot deny their involvement in the communication, providing evidence of the transaction or interaction.

Correct Answer: Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC) assigns access rights based on predefined attributes of users and resources, such as location, time of access, and device type, providing more dynamic access control.

Correct Answer: Stateful firewall

A stateful firewall monitors the state of active connections and makes decisions on whether to allow or block traffic based on the context of the connection.

Correct Answer: Availability

Availability ensures that data and systems are accessible to authorized users when needed, protecting against disruptions such as system failures or denial of service attacks.

Correct Answer: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) exploits vulnerabilities in a web application to execute malicious code in the browser of an unsuspecting user, potentially leading to unauthorized actions or data theft.

Correct Answer: Nmap

Nmap is a network scanning tool used to identify open ports, services, and vulnerabilities on a network, providing valuable information for securing systems and preventing unauthorized access.

Correct Answer: Clickjacking

Clickjacking is an attack that manipulates users into clicking on an unintended element on a web page, often by disguising the true target behind an invisible or misleading interface.

Correct Answer: SOX

The Sarbanes-Oxley Act (SOX) requires organizations to audit their financial systems regularly and comply with accurate reporting standards, preventing fraudulent financial activities.

Correct Answer: RSA

RSA is an asymmetric cryptographic algorithm used to generate secure digital signatures and encrypt data, ensuring confidentiality, integrity, and authenticity in digital communication.

Correct Answer: SQL Injection

SQL Injection attacks target vulnerabilities in input fields of web applications, allowing attackers to insert unauthorized SQL commands and compromise the database.