1.2

Question 1

CIA stands for

(AKA AIC)

Answer 1

Confidentiality Integrity Availability

Question 2

The pillar of security that prevents disclosure of information to unauthorized individuals or systems (CIA Triad)

Answer 2

Confidentiality

Question 3

The pillar of security that prevents messages being modified without detection (CIA Triad)

Answer 3

Integrity

Question 4

The pillar of security that keeps systems and networks up and running (CIA Triad)

Answer 4

Availability

Question 5

Which part of the CIA triad does encryption help?

Answer 5

Confidentiality

Question 6

Which part of the CIA triad do access controls help?

Answer 6

Confidentiality

Question 7

Which part of the CIA triad does 2FA help?

Answer 7

Confideniality

Question 8

Which part of the CIA triad does hashing help?

Answer 8

Integrity

Question 9

Which part of the CIA triad do digital signatures help?

Answer 9

Integrity

Question 10

Which part of the CIA triad do certificates help?

Answer 10

Integrity

Question 11

Which part of the CIA triad does non-repudiation help?

Answer 11

Integrity

Question 12

Which part of the CIA triad does redundancy help?

Answer 12

Availability

Question 13

Which part of the CIA triad does fault tolerance help?

Answer 13

Availability

Question 14

Which part of the CIA triad does patching help?

Answer 14

Availability

Ensures stability and closes security holes

Question 15

A security concept that means that you cannot deny what you have said or done

Answer 15

Non-repudiation

Question 16

A security concept that means that data is stored and transferred as intended; any modification to that data would be identified

Answer 16

Integrity

Question 17

A security concept that means that certain information should only be known to certain people; unauthorized information disclosure should be prevented

Answer 17

Confidentiality

Question 18

A security concept that means that information is accessible to authorized users

Answer 18

Availability

Question 19

A string of text that represents data

AKA message digest, fingerprint

Answer 19

Hash

Question 20

AAA stands for

Answer 20

Authentication, Authorization, Accounting

Question 21

What information does the AAA server hold?

Answer 21

Username/password information to verify if credentials are approved

Question 22

How do you authenticate a device, and make sure that it is approved to access your network?

(A device can’t authenticate with username/password)

Answer 22

Put a digitally signed certificate on the device, and check it during the login process

Question 23

A device or software that is responsible for managing all of the certificates in the environment

Answer 23

Certificate authority (CA)

Question 24

How do you authenticate a user, and make sure that they are approved to access your network?

Answer 24

Usually by using username/password credentials

Question 25

A model used to authorize users/devices to access resources within a network

Answer 25

Authorization model

Question 26

How does an authorization model work?

Answer 26

It makes a framework of permissions associated with roles, organizations, and attributes Without this model, you would have to assign permissions to every user. This does not scale well.

Question 27

Authorization model is AKA

Answer 27

An abstraction

Question 28

A study of where we are versus where we would like to be Identifies weaknesses and most effective processes The final report provides detailed baseline objectives, recommendations, as well as plans for budget, schedule, and change control

Answer 28

Gap analysis

Question 29

A security term meaning that everything must be verified; nothing is inherently trusted Forces users/devices/processes to authenticate every time they access a resource

Answer 29

Zero trust

Question 30

The 3 parts of 2FA

Answer 30

Something you have Something you know Something you are

Question 31

The part of the device that performs the actual security process Processes frames, packets, and network data Does processing, forwarding, trunking, encrypting, and NAT

Answer 31

Data plane

Question 32

The part of the device that: Defines policies and rules Determines how packets should be forwarded Sets up routing tables, session tables, NAT tables It manages the actions of the data plane

Answer 32

Control plane

Question 33

A technology that applies security controls based on additional information gathered by the authentication process ex. geolocation, type of connection, IP address

Answer 33

Adaptive identity

Question 34

The limitation of the number of entry points to a network

Answer 34

Threat scope reduction

Question 35

A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, heuristics). It combines adaptive identity with a predefined set of rules Decides what type of authentication process should be used to truly understand if the person trying to identify themselves is truly that person

Answer 35

Policy-driven access control

Question 36

A logical way to group physical and virtual interfaces Identifies where the traffic comes from and where it is going ex. trusted/untrusted, internal/external, separate departments, separate VPN connections

Answer 36

Security zone

Question 37

How are security zones used during authorization?

Answer 37

Some zones may be implicitly blocked If an untrusted zone tries to communicate with a trusted zone, they will be blocked Some zones may be implicitly trusted If a trusted zone tries to communicate with an internal zone

Question 37

What are subjects and systems?

Answer 37

End users, devices, applications, and processes that need to be authenticated/authorized by a PEP

Question 37

A mechanism that enforces policies upon subjects and systems Sends authentication information to the PDP for the PDP to make a decision After the PDP makes the decision, this mechanism enforces that decision

Answer 37

PEP (Policy Enforcement Point)

Question 37

A mechanism that uses a process for making an authentication decision Examines authentication and determines whether the traffic should be allowed on the network Uses pre-defined security policies to determine the decision, and then sends that decision to the PEP

Answer 37

PDP (Policy Decision Point)

Question 38

The part of the PDP that measures gathered authentication information against pre-defined network policies in order to determine whether the traffic should be allowed on the network

Answer 38

Policy engine

Question 39

The 2 parts of the PDP

Answer 39

Policy Engine Policy Administrator

Question 40

The part of the PDP that provides the decision to the PEP Generates access tokens or credentials

Answer 40

Policy Administrator

Question 41

A physical security measure that prevents access, and can channel people through specific access points Also used to mark high security areas ex. Allows people, but prevents cars and trucks

Answer 41

Barricades and bollards

Question 42

A physical security measure that provides a space between two sets of interlocking doors. It prevents unauthorized individuals from following authorized individuals into facilities. It controls access to a particular area to certain individuals or groups. This control has a variety of configurations--for example, all the doors can be unlocked, but when one door is open, all of the other doors will automatically lock.

Answer 42

Access control vestibule AKA mantrap

Question 43

A physical security measure that creates a perimeter and prevents access to an area. May be transparent or opaque. This is normally a very obvious security measure. Thus, it needs to be very sturdy.

Answer 43

Fence

Question 44

A physical security measure that allows authorized individuals to watch footage of a secure area. May include motion detection and object detection.

Answer 44

Video surveillance AKA CCTV

Question 45

A physical security measure that can provide physical protection of an area and validate the identity of existing employees

Answer 45

Guard

Question 46

What is two-person integrity/control?

Answer 46

The idea that if security guards work in pairs, they each hold each other accountable to uphold the security policy.

Question 47

A physical security measure that is given to authorized individuals. It contains the individual's name, picture, and other necessary details to verify their identity. Often electronically logged

Answer 47

Access badge

Question 48

A physical security measure that illuminates secure spaces to provide better visibility for guards or cameras. Angles and optimal light levels are important to consider.

Answer 48

Lighting

Question 49

A physical security measure that detects infrared radiation in both light and dark areas.

Answer 49

Infrared

Question 50

A type of infrared security measure that detects motion.

Answer 50

Motion detector

Question 51

A type of infrared security measure that detects pressure. Detects a change in force, for example, around windows or floors.

Answer 51

Pressure sensor

Question 52

A type of infrared security measure that detects movement across large areas

Answer 52

Microwave

Question 53

A type of infrared security measure that can send and receive sound waves, detect motion, and provide collision detection

Answer 53

Ultrasonic

Question 54

A virtual machine used to attract attackers to your system and keep them involved in the system while you study the attacker and their methods

Answer 54

Honeypot

Question 55

A real network (including servers, workstations, routers, switches, and firewalls) that attracts attackers and keeps their interest while you study the attacker and their methods

Answer 55

Honeynet

Question 56

Files that have fake information or appear to be very important in order to attract an attacker. These files will NOT normally be accessed by normal employees, so it is good to have an alarm on these files when someone attempts to gain access. ex. passwords.txt

Answer 56

Honeyfiles

Question 57

Traceable data added to a honeynet. If this data is downloaded and distributed, you know exactly where it came from. ex. Fake API credentials or fake email addresses that send out notifications when used ex. Database records, browser cookies, web page pixels, etc.

Answer 57

Honeytokens