Kindle Notes & Highlights
Started reading
June 27, 2019
Confidentiality, integrity, and availability together form the CIA security triad, a model used
to guide security principles within an organization.
A use
case describes a goal that an organization wants to achieve.
The agile model
uses a set of principles that can be shared by cross-functional teams—employees
in different de...
precondition must occur before the process can
start.
trigger starts the use case.
Postconditions occur after the actor triggers the process. In this
use case will typically list each of the steps in a
specific order.
If you want to be
an expert in agile, you can pursue the Project Management Institute
Agile Certified Pra...
Confidentiality prevents the unauthorized disclosure of
data.
Encryption scrambles data to make it unreadable by unauthorized personnel.
Advanced Encryption Standard (AES).
Personally Identifiable Information (PII),
Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.
Users claim an identity with a unique username.
Users prove their identity with authentication, such as with a password. For example, Maggie knows her password, but no one else should know it. When she logs on to her account with her
Next, you can grant or restrict access to resources using an authorization method, such as permissions.
Steganography obscures the data and can be used in a use case to support obfuscation. Obfuscation methods attempt to make something unclear or difficult to understand.
Within the context of information technology (IT) security, it’s called security by obscurity or security through obscurity. On its own it is not a reliable control: once the method is known, it offers no protection.
steganography as hiding data in plain sight.
you can embed a hidden message in an image by modifying certain bits within the file.
Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such as hiding text files within an image file. Note that steganography hides only the existence of the data; anyone who knows the embedding method can recover it, so sensitive payloads should still be encrypted before they are hidden.
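An added example (not from the book) of the bit-modification technique described above: the message is written into the least significant bit of each pixel sample of a grayscale image, and read back the same way. The 64x64 gradient cover image and the 4-byte length header in front of the payload are this example's own constructions, not anything the book specifies.

```go
package main

import (
	"errors"
	"fmt"
	"image"
)

// EmbedLSB hides msg in the least significant bit of each byte of pix,
// where pix holds one 8-bit grayscale sample per byte. A constructed
// 32-bit big-endian length header precedes the payload so the extractor
// knows where the hidden message ends.
func EmbedLSB(pix []byte, msg []byte) error {
	n := uint32(len(msg))
	payload := append([]byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}, msg...)
	if len(payload)*8 > len(pix) {
		return errors.New("cover image too small for message")
	}
	for i, b := range payload {
		for bit := 0; bit < 8; bit++ {
			v := (b >> (7 - bit)) & 1 // next message bit, MSB first
			idx := i*8 + bit
			pix[idx] = (pix[idx] &^ 1) | v // clear the low bit, then set it
		}
	}
	return nil
}

// ExtractLSB reads the length header and payload back out of the low bits.
func ExtractLSB(pix []byte) ([]byte, error) {
	readByte := func(i int) (byte, error) {
		if (i+1)*8 > len(pix) {
			return 0, errors.New("cover image exhausted")
		}
		var b byte
		for bit := 0; bit < 8; bit++ {
			b = b<<1 | (pix[i*8+bit] & 1)
		}
		return b, nil
	}
	var hdr [4]byte
	for i := range hdr {
		v, err := readByte(i)
		if err != nil {
			return nil, err
		}
		hdr[i] = v
	}
	n := int(uint32(hdr[0])<<24 | uint32(hdr[1])<<16 | uint32(hdr[2])<<8 | uint32(hdr[3]))
	if (4+n)*8 > len(pix) {
		return nil, errors.New("length header exceeds cover image")
	}
	out := make([]byte, n)
	for i := range out {
		v, err := readByte(4 + i)
		if err != nil {
			return nil, err
		}
		out[i] = v
	}
	return out, nil
}

// NewCover builds a constructed 64x64 grayscale gradient to act as the
// innocent-looking cover image.
func NewCover() *image.Gray {
	img := image.NewGray(image.Rect(0, 0, 64, 64))
	for y := 0; y < 64; y++ {
		for x := 0; x < 64; x++ {
			img.Pix[y*img.Stride+x] = byte((x + y) * 2)
		}
	}
	return img
}

// MaxDelta reports the largest change to any single sample, which for
// LSB embedding is at most 1 out of 255 and therefore invisible.
func MaxDelta(a, b []byte) int {
	m := 0
	for i := range a {
		d := int(a[i]) - int(b[i])
		if d < 0 {
			d = -d
		}
		if d > m {
			m = d
		}
	}
	return m
}

func main() {
	cover := NewCover()
	orig := append([]byte(nil), cover.Pix...)
	if err := EmbedLSB(cover.Pix, []byte("meet at noon")); err != nil {
		panic(err)
	}
	hidden, err := ExtractLSB(cover.Pix)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q; largest sample change: %d\n", hidden, MaxDelta(orig, cover.Pix))
}
```

The same low-bit trick works on any lossless sample format (PNG pixels, WAV samples); a lossy format such as JPEG would destroy the low bits on save, which is why this example operates on raw grayscale samples.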
Integrity provides assurances that data has not changed.
This can be from unauthorized users, from malicious software (malware), and through system and human errors. When this occurs, the data has lost integrity.
Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC).
a hash is simply a number created by executing a hashing algorithm against data, such as a file or message.
Hashing doesn’t tell you what modified the message. It only tells you that the message has been modified.
You can use hashes with messages, such as email, and any other type of data files.
for this book at http://gcgapremium.com/501labs/.
Integrity provides assurances that data has not been modified, tampered with, or corrupted.
Hashing verifies integrity. A hash is simply a numeric value created by executing a hashing algorithm against a message or file.
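An added example (not from the book) of the hashing and HMAC highlights above. It computes a SHA-256 hash of a message, shows that any modification changes the hash, and then shows the limit of a plain hash: an attacker who can alter the message can also recompute and replace the hash, whereas an HMAC cannot be recomputed without the shared key. The message text and the key are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Sha256Hex returns the SHA-256 hash of data as a hex string.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// HmacSha256Hex returns HMAC-SHA256 over data under key as a hex string.
func HmacSha256Hex(key, data []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyHmac recomputes the tag and compares it in constant time, so a
// byte-by-byte early exit cannot leak how much of the tag was correct.
func VerifyHmac(key, data []byte, tagHex string) bool {
	tag, err := hex.DecodeString(tagHex)
	if err != nil {
		return false
	}
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return hmac.Equal(m.Sum(nil), tag)
}

func main() {
	key := []byte("shared-secret-key") // constructed; shared by sender and receiver only
	msg := []byte("Transfer $100 to account 1234")

	// Sender publishes a plain hash and an HMAC alongside the message.
	sentHash := Sha256Hex(msg)
	sentTag := HmacSha256Hex(key, msg)

	// An attacker in the middle rewrites the message.
	tampered := []byte("Transfer $900 to account 1234")
	fmt.Println("plain hash matches after tamper:", Sha256Hex(tampered) == sentHash) // false: change detected

	// ...but the attacker simply recomputes the plain hash to cover their tracks.
	fmt.Println("recomputed hash passes check:", Sha256Hex(tampered) == Sha256Hex(tampered)) // true: hash alone proves nothing about origin

	// The attacker cannot recompute the HMAC without the key.
	fmt.Println("HMAC verifies tampered message:", VerifyHmac(key, tampered, sentTag)) // false
	fmt.Println("HMAC verifies original message:", VerifyHmac(key, msg, sentTag))      // true
}
```

The point the book makes about hashing (it tells you that data changed, not what changed it) holds for the HMAC too; the HMAC adds only that the change was not made by someone holding the key. Use SHA-256 or stronger; MD5 is listed in the book for recognition, but collisions can be produced for it on demand, so it should not be used for new integrity checks.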
a digital signature is similar in concept to a handwritten signature.
Authentication from the digital signature helps prevent attackers from impersonating others and sending malicious emails, because only the holder of the sender’s private key can produce a signature that verifies with the sender’s public key.
Digital signatures also provide non-repudiation. In other words, Lisa cannot later deny sending the email because the digital signature proves she did.
If you buy something with a credit card and sign the receipt, you can’t later deny making the purchase. If you do, the store will use your signature to refute your claim.
Another example is with audit logs that record details such as who, what, when, and where.
Digital signatures require the use of certificates and a Public Key Infrastructure (PKI).
Certificates bind a public key to an identity (the matching private key stays with its owner), and the PKI provides the means to create, manage, and distribute certificates.
Redundancy adds duplication to critical systems and provides fault tolerance.
If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption. In other words, a system with fault tolerance can suffer a fault, but it can tolerate it and continue to operate.
single point of failure (SPOF).
If an SPOF fails, the entire system can fail. For example, if a server has a single drive, the drive is an SPOF because its failure takes down the server.

