Domain 1, Quiz 1 Flashcards
Which type of security control aims to limit the damage of an attack after it has occurred?
a. Detective
b. Preventive
c. Deterrent
d. Corrective
Corrective
Corrective controls aim to limit the damage after an attack has occurred and restore system functionality.
What does the “A” stand for in the CIA triad?
a. Availability
b. Authentication
c. Accounting
d. Authorization
Availability
Availability is the correct component of the CIA triad, focusing on ensuring that data is accessible when needed.
Which of the following is considered a managerial control?
a. Video Surveillance
b. Firewall
c. Security Policy
d. Encryption
Security Policy
A security policy is a managerial control as it focuses on governance and policy settings.
What is non-repudiation primarily concerned with?
a. Ensuring data is not tampered with
b. Ensuring system uptime
c. Proving the origin of a message
d. Ensuring only authorized personnel access data
Proving the origin of a message
Non-repudiation ensures that a message sender cannot deny the authenticity of the message sent.
Which type of security control is a biometric scanner?
a. Managerial
b. Technical
c. Operational
d. Physical
Technical
A biometric scanner is a technical control involving technology to authenticate users.
In the context of physical security, what is the primary purpose of bollards?
a. To detect unauthorized access
b. To prevent vehicle intrusion
c. To surveil areas
d. To encrypt data
To prevent vehicle intrusion
Bollards act as physical barriers to prevent vehicles from entering restricted areas.
What is the main function of a compensating control?
a. To enforce mandatory security protocols
b. To actively deter potential attackers
c. To detect and log security incidents
d. To provide alternative protection when primary controls fail
To provide alternative protection when primary controls fail
Compensating controls offer alternative protection mechanisms when primary controls are ineffective, not feasible, or unavailable.
What does “AAA” stand for in the context of security?
a. Adaptive, Authorization, Authentication
b. Availability, Authorization, Accounting
c. Authentication, Authorization, Accounting
d. Accounting, Authorization, Adaptive
Authentication, Authorization, Accounting
AAA stands for Authentication, Authorization, and Accounting in the context of security.
What is the primary purpose of a honeypot?
a. To encrypt data
b. To deceive attackers
c. To authorize users
d. To prevent attacks
To deceive attackers
Honeypots are decoy systems designed to deceive attackers and gather information about their tactics.
What is the primary purpose of physical controls?
a. To create barriers and surveillance
b. To correct the actions of people and systems
c. To detect anomalies or intrusions
d. To mandate specific actions or processes
To create barriers and surveillance
Physical controls create barriers and surveillance to protect assets and data.
Which type of control is a security awareness training program?
a. Physical
b. Corrective
c. Technical
d. Managerial
Managerial
Managerial controls involve governance and policy settings; a security awareness training program is an example.
Which of the following is primarily concerned with preventing unauthorized disclosure of information?
a. Confidentiality
b. Availability
c. Integrity
d. Authorization
Confidentiality
Confidentiality is concerned with preventing unauthorized disclosure of information.
Which of the following is an example of a preventive control?
a. Security Policy
b. Firewall
c. Incident Response Plan
d. Access Control Procedures
Firewall
A firewall is a preventive control that prevents unauthorized access.
Which type of control is a Data Loss Prevention (DLP) system?
a. Directive
b. Compensating
c. Operational
d. Technical
Technical
DLP systems are hardware- or software-based controls designed to enforce security measures, making them technical controls.
What is the primary objective of the Zero Trust model?
a. To trust all devices outside the network perimeter
b. To always trust, never verify
c. To never trust, always verify
d. To trust all devices inside the network perimeter
To never trust, always verify
The primary objective of the Zero Trust model is to “never trust, always verify” regardless of whether the traffic originates from inside or outside the organization.