Security+ (SY0-701): Cryptographic Solutions Part 4
This deck covers key concepts and definitions related to cryptographic solutions as outlined in the Security+ (SY0-701) Lesson 3, Part 4. It includes encryption methods, protocols, and security features.
Key Terms
| Term | Definition |
|---|---|
What encryption method is best suited for bulk encryption? | Symmetric encryption due to overhead of asymmetric. |
Define an 'encryption level' | Depth of encryption; Ranging from more granular (file/folder or row/record) to less granular (volume/partition/disk or database). |
Define 'Full-disk encryption (FDE)' | Disk/drive firmware that encrypts the full contents of a storage device, including metadata and free space. |
What is the purpose of Full-disk encryption (FDE)? | Protects against physical theft of the disk. |
What is a software/firmware alternative to Full-disk encryption (FDE)? | A self-encrypting drive (SED). |
Define 'self-encrypting drive (SED)' | Storage device (SSD/HDD/USB) with cryptoprocessor firmware that can perform self-encryption and storage of keys. |
Define a 'volume' | Any storage resource with a single file system; The way the OS 'sees' a storage resource. |
What can be defined as a 'volume'? | A removable disk; Partition on an HDD or SSD; RAID array. |
What makes self-encrypting drive software less secure? | It typically encrypts only volumes and is implemented as a software application rather than in disk firmware. |
What is the difference between 'Full-disk encryption (FDE)' and 'Self-encrypting drive (SED) software'? | Self-encrypting drive (SED) software may or may not encrypt free space and/or metadata. |
Define a 'file encryption product' | Software that applies encryption to individual files (or perhaps to folders/directories). |
Which products are examples of self-encrypting drive software? | Microsoft's BitLocker and Apple's FileVault products perform volume encryption. |
What are the two methods of encrypting a database? | |
Define how 'Database/Page-Level Encryption' functions | All records and logs are encrypted while they are stored on disk. |
How does 'Database/Page-Level Encryption' manage the transfer of data between an application and storage? | Encryption and decryption occurs when any data is transferred between disk and memory. |
Define how 'Record-Level Encryption' is implemented | The DBA determines which fields need encryption, using asymmetric encryption. |
How does 'Record-Level Encryption' or 'Cell/column encryption' leverage PKI? | Storing the private key used to unlock the value of a cell outside of the database. |
How does 'Record-Level Encryption' protect the transfer of data between storage and an application? | Data remains encrypted when loaded into memory; It is only decrypted when the client application supplies the key in the DBMS. |
Define 'Transport/communication encryption' and its function | Protects data-in-motion using key exchange. |
Define 'key exchange' | Any method by which cryptographic keys are transferred between users, enabling the use of a cryptographic algorithm. |
What protocols are commonly used for Transport/communication encryption? | Wi-Fi Protected Access (WPA), Internet Protocol Security (IPsec), Transport Layer Security (TLS). |
Define 'Wi-Fi Protected Access (WPA)' and its purpose | Securing traffic sent over a wireless network. |
Define 'Internet Protocol Security (IPsec)' and its purpose | Secures traffic sent between two endpoints over a public or untrusted transport network; referred to as a VPN. |
Define 'Transport Layer Security (TLS)' and its purpose | Securing application data, such as web or email data, sent over a public or untrusted network. |
What protocol is used to ensure integrity/confidentiality of transport encryption? | The cryptographic protocol 'Hash-based Message Authentication Code (HMAC)'. |
Define the purpose and function of 'Hash-based Message Authentication Code (HMAC)' | Provides confidentiality/integrity for a message by combining a cryptographic hash of the data with a symmetric secret key. |
Define the function of 'Perfect Forward Secrecy (PFS)' | Periodically creates a new key value based on data supplied by both parties in the exchange. |
What is the security benefit of 'Perfect Forward Secrecy (PFS)'? | Ensures that if a key is compromised, the compromise affects only a single session and does not facilitate recovery of plaintext data from other sessions. |
What cipher does Perfect Forward Secrecy (PFS) use to implement new session keys? | Diffie-Hellman (D-H) key agreement to create ephemeral session keys. |
Define an 'ephemeral session key' | Created by Diffie-Hellman (D-H), a key that is used within the context of a single session only. |