1.2 Summarize fundamental security concepts Flashcards

(63 cards)

1
Q

Confidentiality

A

Information is accessible only to authorized personnel

2
Q

Integrity

A

data remains accurate and unaltered

3
Q

Availability

A

Data and resources are accessible when needed (e.g. redundancy measures)

4
Q

How do we achieve Availability

A

Redundancy: backup options for critical components or functions of a system, with the intention of enhancing its reliability

5
Q

Various types of redundancy

A

Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

6
Q

Non-Repudiation

A

Provides proof of the origin, authenticity and integrity of data.
The actor can't deny having performed an action.

7
Q

How do we achieve Non-Repudiation?

A

Digital Signature: hashing the data, then encrypting the hash digest with the user's private key.

8
Q

Why Non-Repudiation is important

A

  • Confirming the authenticity of Digital Signatures
  • Ensuring Integrity
  • Providing Accountability

9
Q

Authentication

A

Verifying the identity of individuals or entities in digital interactions

10
Q

Five commonly used authentication methods

A

Something you know: knowledge factor (username, password)

Something you have: possession factor, a physical item (ID, phone)

Something you are: inherence factor, unique physical or behavioral characteristics (biometric authentication)

Something you do: action factor, the user performing a unique action

Somewhere you are: location factor, the user being in a certain geographic location

11
Q

2FA and MFA

A

2FA: two authentication methods

MFA: two or more authentication methods

12
Q

Why authentication is critical

A

  • Prevent unauthorized access
  • Protect user data and privacy
  • Ensure resource validity

13
Q

Authorization

A

Determining actions or resources an authenticated user can access (permission: who can access what)

A set of rules and policies dictating who can access or modify what.

14
Q

Authorization mechanisms

A

Role-based
Rule-based
Attribute-based controls

15
Q

Why authorization is important

A

  • Protect sensitive data
  • Maintain system integrity
  • Create a more streamlined user experience
  • Serve as a gatekeeper

16
Q

Accounting

A

All user activities are properly tracked and recorded (monitoring and logging)

17
Q

Why do we need accounting?

A

To achieve:
- Transparency
- Security
- Accountability

18
Q

What are we accounting for in the system?

A

Logging in and accessing files
modifying configurations
downloading or installing software
attempting unauthorized actions

19
Q

What are some accounting systems?

A

Audit Trail (chronological record of all user activities)

Regulatory Compliance: maintain a comprehensive record of all the users' activities.

Forensic Analysis: detailed accounting and event logs

Resource Optimization: tracking resource utilization and allocation decisions

User Accountability

20
Q

Technologies used for accounting

A

Syslog servers: aggregate logs from various network devices and systems

Network analysis tools: e.g. Wireshark, which captures and analyzes network traffic

SIEMs (Security Information and Event Management): real-time analysis of security alerts.

21
Q

6 Types of Security Controls

A

  1. Preventative Controls
  2. Deterrent Controls: warning
  3. Detective Controls: detect and alert
  4. Corrective Controls: address issues after they arise
  5. Compensating Controls: alternative
  6. Directive Controls: dictate specific actions

22
Q

Methods to achieve integrity

A

Checksums: method to verify the integrity of data during transmission.

Access Control: only authorized individuals can modify data.

Regular Audits: review logs and operations.

Hashing: process of converting data into fixed-size values.

Digital Signature: uses encryption to ensure integrity and authenticity.

23
Q

Integrity is important for three main reasons

A

■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability

24
Q

How to achieve Confidentiality

A

Encryption: convert data to code

Access Control: only authorized personnel can access certain data

Data masking: obscuring data within a database

Physical Security

Training and awareness

25
Q

CIA triad

A

Basis for the development of security.
Confidentiality: making sure data is kept secret or private.
Integrity: making sure data is trustworthy and free from tampering.
Availability: making sure the system is functioning and accessible.

26
Q

CIANA

A

Confidentiality: safeguard
Integrity: not altered
Authentication: verification
Non-repudiation: proof
Authorization: access

28
Q

The integrity of your data is maintained only if

A

the data is authentic, accurate, and reliable.

29
Q

Authentication, Authorization, and Accounting (AAA)

A

Security framework that controls access to resources, enforces policies, and audits usage, screening and keeping track of users' activity while they are connected. Login -> privileges to access -> keep track.

30
Q

Gap Analysis

A

Process of evaluating the differences between an organization's current performance and its desired performance.

31
Q

Steps to conduct a gap analysis

A

1. Define the scope of the analysis (desired outcome).
2. Gather data on the current state of the organization (done through surveys, interviews, and other forms of data collection).
3. Analyze the data to identify the gaps (where the organization's current performance falls short).
4. Develop a plan to bridge the gaps (changes to processes, systems or other areas of the organization). The plan should also include specific goals, objectives and a timeline for achieving them.

32
Q

Types of gap analysis

A

1. Technical Gap Analysis: evaluating an organization's current technical infrastructure and identifying where it falls short of the technical capabilities required to fully utilize their security solution.
2. Business Gap Analysis: evaluating an organization's current business processes and identifying where they fall short of the capabilities required to fully utilize their security solution.

33
Q

Zero Trust

A

Trust nothing and verify everything. Demands that continuous verification happens for every transaction within our network, regardless of where it came from.

34
Q

Types of planes used to create a zero trust architecture

A

1. Control plane
2. Data plane

35
Q

What is the control plane in zero trust architecture?

A

Refers to the overarching framework and set of components that are responsible for defining, managing, and enforcing the policies related to user and system access within an organization. It provides a centralized way to dictate and control how, when, and where access is going to be granted, to ensure that only authenticated and authorized entities can access specific resources.

36
Q

What is the data plane in zero trust architecture?

A

Ensures policies and procedures are being properly executed.

37
Q

Key elements of the control plane in zero trust architecture

A

- Adaptive identity: real-time validation that takes into account the user's behavior, their device, their location, and other factors.
- Threat scope reduction: limit our users' access to only what they need for their work tasks, because this drastically reduces the network's potential attack surface.
- Policy-driven access control: develop, manage, and enforce user access policies based on their roles and responsibilities.
- Secured zones: isolated environments within a network that are designed to house sensitive data.

38
Q

The data plane consists of

A

- Subject/system: verify the authenticity of the individual or entity attempting to gain access.
- Policy engine: cross-references the access request with its predefined policies.
- Policy administrator: an essential part of the Zero Trust model that is used to establish and manage the access policies (dictates who gets access to what).
- Policy enforcement point: allows or restricts access and effectively acts as a gatekeeper to the sensitive areas of your systems or networks.

39
Q

To learn from the different threat actors that are attacking your network, set up and utilize

A

deception and disruption technologies

40
Q

How to outsmart threat actors

A

- Deception and disruption technologies
- Tactics, Techniques, and Procedures (TTPs): specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors

41
Q

What are deception and disruption technologies?

A

Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.

42
Q

Deception and disruption technologies

A

- Honeypot
- Honeynet
- Honeyfile
- Honeytoken

43
Q

Honeypots

A

Decoy system or network set up to attract and deceive attackers.

44
Q

Honeynets

A

Network of honeypots creating a more complex system that is designed to mimic an entire network of systems:
- Servers
- Routers
- Switches

45
Q

Honeyfiles

A

Decoy files placed within a system to detect unauthorized access or data breaches.

46
Q

Honeytokens

A

Fake data that alerts administrators when accessed or used.

47
Q

Some disruption technologies and strategies

A

- Bogus DNS entries: fake Domain Name System entries introduced into your system's DNS server.
- Creating decoy directories: fake folders and files placed within a system's storage.
- Dynamic page generation: effective against automated scraping tools or bots trying to index or steal content from your organization's website.
- Use of port triggering to hide services. Port triggering: security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected.
- Spoofing fake telemetry data: when a system detects that a network scan is being attempted by an attacker, it can be configured to respond by sending out fake telemetry or network data.

48
Q

Physical security controls

A

- Bollards
- Access control vestibule
- Fencing
- Video surveillance
- Security guard
- Access badge
- Lighting
- Sensors
  - Infrared
  - Pressure
  - Microwave
  - Ultrasonic

49
Q

What is physical security?

A

Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access.

50
Q

Bollards

A

Short, sturdy vertical posts controlling or preventing vehicle access.

51
Q

Fences

A

Barriers made of posts and wire or boards to enclose or separate areas.

52
Q

What is a surveillance system, and what are its components?

A

An organized strategy to observe and report activities.
Components:
- Video surveillance
- Security guards
- Lighting
- Sensors

53
Q

Access Control Vestibules

A

Double-door system, electronically controlled to allow only one door open at a time.
Prevents piggybacking and tailgating.

54
Q

Kinds of door locks

A

- Padlocks: easily defeated and offer minimal protection
- Pin and tumbler locks
- Numeric locks
- Wireless locks
- Biometric locks
- Cipher locks: mechanical locks with numbered push buttons, requiring a correct combination to open; commonly used for server rooms
- Electronic access control systems

55
Q

Modern electronic door lock authentication methods

A

- Identification numbers
- Wireless signals: e.g. NFC, Wi-Fi, Bluetooth, or RFID for unlocking
- Biometrics

56
Q

Biometric challenges

A

- False Acceptance Rate (FAR): occurs when the system erroneously authenticates an unauthorized user. Lower FAR by increasing scanner sensitivity.
- False Rejection Rate (FRR): denies access to an authorized user. Adjusting sensitivity can increase FRR.
- Crossover Error Rate (CER): a balance between FAR and FRR for optimal authentication effectiveness.

57
Q

Video surveillance can include the following

A

- Motion detection
- Night vision
- Facial recognition

58
Q

Sensors

A

Devices that detect and respond to external stimuli or changes in the environment.

59
Q

Categories of sensors

A

- Infrared sensors: detect changes in infrared radiation, which is often emitted by warm bodies like humans or animals.
- Pressure sensors: activated whenever a specified minimum amount of weight is detected on a sensor embedded in the floor or a mat.
- Microwave sensors: detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects.
- Ultrasonic sensors: measure the reflection of ultrasonic waves off moving objects.

60
Q

Access Control Vestibules

A

Double-door system designed with two doors that are electronically controlled to ensure that only one door can be open at a given time, helping prevent piggybacking and tailgating.

61
Q

Piggybacking

A

Involves two people working together: one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them.

62
Q

Tailgating

A

Occurs whenever an unauthorized person closely follows someone who has legitimate access through the access control vestibule into the secure space, without that person's knowledge or consent.

63
Q

Badges contain

A

- RFID (Radio-Frequency Identification)
- NFC (Near-Field Communication)
- Magnetic strips