2. Fundamentals Of Security

Question 1

Information Security

Answer 1

Protecting data and information from unauthorized access, modification, disclosure, and disruption.

Question 2

Information Systems Security

Answer 2

Protecting the systems that hold and process critical data

Question 3

CIA Triad
Confidentiality

Answer 3

Ensure information is accessible only to authorized personnel.
e.g. encryption

Question 4

CIA Triad
Integrity

Answer 4

Ensure data remains accurate and unaltered.
e.g. checksums

Question 5

CIA Triad
Availability

Answer 5

Ensure information and resources are accessible when needed.
e.g. redundancy measures.

Question 6

Non-Repudiation

Answer 6

Guarantees that an action or event cannot be denied by the involved parties.. e.g.. digital signatures

Question 7

Authentication

Answer 7

Verify the identity of a user or system

Question 8

Authorization

Answer 8

Determining actions or resources an authenticated user can access.
e.g. permissions

Question 9

Accounting

Answer 9

Tracking user activities and resource usage for audit or billing purposes.

Question 10

Security Control Categories

Answer 10

Technical
Managerial
Operational
Physical

Question 11

Security Control Types

Answer 11

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Question 12

Zero Trust Model

Answer 12

Operates on the principle that no one should be trusted by default.

Question 13

Zero Trust is achieved by:

Answer 13

Control Plane - Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Data Plane - Subject/system, policy engine, policy administrator and establishing policy enforcement points

Question 14

Threat

Answer 14

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Question 15

Vulnerability

Answer 15

Any weakness in the system design or implementation

Question 16

Risk of the system is located

Answer 16

Where threats and vulnerabilities intersect

Question 17

Risk Management

Answer 17

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome

Question 18

3 reasons confidentiality is important

Answer 18

Protect personal privacy
Maintain a business advantage
Achieve regulatory compliance

Question 19

5 methods to ensure confidentiality

Answer 19

Encryption, Access Controls, Data Masking, Physical Security Measures, Training and Awareness

Question 20

3 reasons integrity is important

Answer 20

Ensure accuracy
Maintain Trust
Ensure system operability

Question 21

5 methods to maintain integrity:

Answer 21

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

Question 22

3 reasons Availability is important

Answer 22

Ensures business continuity
Maintains customer trust
Upholds organizational reputation

Question 23

5 methods to maintain availability

Answer 23

Redundancy
Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

Question 24

3 reasons non-repudiation is important

Answer 24

Confirm the authenticity of a digital transaction
Ensure the integrity of crucial communications
Provide accountability in digital processes

Question 25

5 common authentication methods

Answer 25

Something you Know (Knowledge) Something you have (Posession) Something you are (Inherence) Something you do (Action) Somewhere you are (Location)

Question 26

Accounting

Answer 26

A security measure that ensures all user activities during a communication or transaction are properly tracked and recorded.

Question 27

5 accounting methods

Answer 27

Audit trail Maintain Regulatory Compliance Conduct forensic Analysis Perform resource optimization Achieve user accountability

Question 28

Technical Controls

Answer 28

Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks

Question 29

Managerial Controls (Administrative controls)

Answer 29

Involve the strategic planning and governance side of security

Question 30

Operational Controls

Answer 30

Procedures and measures that are designed to protect data on a day-to-day basis

Question 31

Physical Controls

Answer 31

Tangible, real-world measures taken to protect assets

Question 32

Preventative Controls

Answer 32

Proactive measures implemented to thwart potential security threats or breaches

Question 33

Deterrent Controls

Answer 33

Discourage potential attackers by making the effort seem less appealing or more challenging

Question 34

Detective Controls

Answer 34

Monitor and alert organizations to malicious activities as they occur or shortly thereafter.

Question 35

Corrective Controls

Answer 35

Mitigate any potential damage and restore our systems to their normal state

Question 36

Compensating Controls

Answer 36

Alternative measures that are implemented when primary security controls are not feasible or effective

Question 37

Directive Controls

Answer 37

Often rooted in policy or documentation and set the standards for behavior within an organization

Question 38

Gap Analysis

Answer 38

Process of evaluating the differences between an organization's current performance and its desired performance

Question 39

2 types of Gap Analysis

Answer 39

Technical Gap Analysis Business Gap Analysis

Question 40

Zero Trust

Answer 40

Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin