Author: examcert

Federated Identity Management (39.2.6) Federated identity management (FIM) refers to multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group. While FIM provides convenience to users and administrators, if the system is exploited by hackers, they will have access to many systems…

Authentication, Authorization, and Accounting (AAA) (39.2.4)Let’s look into administrative access controls in more detail.The concept of administrative access controls involves three security services: authentication, authorization, and accounting (AAA).These services provide the primary framework to control access, preventing unauthorized access to a computer, network, database, or other data resource. AuthenticationThe first A in AAA represents authentication….

Ensuring Availability (39.1.7)There are many measures that organizations can implement to ensure the availability of their services and systems, as shown in Table 39-2. Table 39-2 Examples of Ensuring Availability Check Your Understanding—Security Foundations (39.1.8)Refer to the online course to complete this activity. Access Control (39.2)An essential goal of network security is controlling access to…

Confidentiality, Integrity, and Availability (39.1.2) It is true that the list of network attack types is long. But there are many best practices that you can use to defend your network, as you will learn in this chapter. Network security consists of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or…

ObjectivesUpon completion of this chapter, you will be able to answer the following questions: Key TermsThis chapter uses the following key terms. You can find the definitions in the Glossary.availabilityconfidentialityfirewallintegritymalware Introduction (39.0) Hello again! The awareness campaign that Lara worked on was a success. Because of this, the college has invited Lara to work on…

Rogue access points are installed on networks without authorization. They can masquerade as legitimate access points to trick users into associating with them. They can be used to conduct MitM attacks by deauthenticating users or posing as legitimate access points with more desirable connections in evil twin attacks. Wireless signals are susceptible to interference and…

Shoulder surfing refers to looking over someone’s shoulder in order to obtain credentials like passwords, PINs, or credit card numbers. Dumpster diving means literally going through someone’s trash to find confidential personal information. Piggybacking and tailgating are ways to gain unauthorized physical access to restricted areas. Other means of deception are sending fake invoices to…

Cybersecurity Threats, Vulnerabilities, and Attacks Summary (38.6) The following is a summary of each topic in the chapter and some questions for your reflection. What Did I Learn in This Chapter? (38.6.1) • Common Threats—A threat domain is an area of control, authority, or protection that attackers can exploit to gain access to a system….

Defending Against Email and Browser Attacks (38.5.12)There are many actions that you can take to defend against email and browser attacks. Some of the most important ones are outlined here: The following are some other common attacks that cybercriminals can launch. Physical AttacksPhysical attacks are intentional, offensive actions used to destroy, expose, alter, disable, steal,…

Spam (38.5.8) Spam, also known as junk mail, is simply unsolicited email. In most cases, it is a method of advertising. However, a lot of spam is sent in bulk by computers infected by viruses or worms—and often contains malicious links, malware, or deceptive content that aims to trick recipients into disclosing sensitive information, such…